storage device

CN122153984APending Publication Date: 2026-06-05SAMSUNG ELECTRONICS CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
SAMSUNG ELECTRONICS CO LTD
Filing Date
2025-08-27
Publication Date
2026-06-05

AI Technical Summary

Technical Problem

Existing storage devices are inadequate in preventing unauthorized access and data manipulation when managing and protecting sensitive and secure data, and their security and reliability are insufficient.

Method used

The storage device includes a storage controller and a security management module. The security manager controls access to secure data according to different security modes, including unauthenticated mode, authenticated mode, zeroing mode, debug mode, and abnormal mode, which restrict or allow different levels of access operations respectively.

Benefits of technology

It enables effective management and protection of secure data, prevents unauthorized access and data manipulation, improves the security and reliability of storage devices, and ensures the confidentiality and integrity of data.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122153984A_ABST
    Figure CN122153984A_ABST
Patent Text Reader

Abstract

A storage device includes a memory device and a storage controller including a security management module to manage security data of the storage device. The security management module includes a security manager to receive a command related to the security data, determine a current security mode of the storage device in response to receiving the command, and control access to the security data based on the current security mode. The current security mode includes one of a first security mode in which the security manager allows access to the security data, a second security mode in which the security manager allows limited access to the security data, and a third security mode in which the security manager prevents access to the security data.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention relates to a storage device. Background Technology

[0002] Recently, storage devices using memory devices, such as solid-state drives (SSDs), have become widely used. These storage devices offer excellent stability and durability due to the absence of mechanical driving components, and also boast advantages such as very fast information access and low power consumption. Today, as electronic circuits are applied to various types of systems such as automobiles, airplanes, and drones, as well as electronic systems such as laptops, storage devices are also used in a wide variety of systems.

[0003] Meanwhile, storage devices can store sensitive security data, such as encryption keys, authentication information, and security protocol parameters. To securely manage this data, security technologies such as authentication, encryption, and access control are required. Furthermore, a systematic framework is needed to effectively protect and manage secure data under various circumstances and maintain its integrity and confidentiality.

[0004] The above information is intended to enhance understanding of the background of this disclosure and may include information not contained in the related art. Summary of the Invention

[0005] This invention relates to a storage device.

[0006] According to some embodiments, a storage device includes a memory device and a storage controller. The storage controller includes a security management module for managing security data of the storage device. The security management module includes a security manager configured to: receive commands related to the security data; determine a current security mode of the storage device in response to receiving the commands; and control access to the security data based on the current security mode. The current security mode includes one of a first security mode, a second security mode, and a third security mode. In the first security mode, the security manager is configured to allow access to the security data; in the second security mode, the security manager is configured to allow restricted access to the security data; and in the third security mode, the security manager is configured to block access to the security data.

[0007] According to some embodiments, a storage device includes a memory device and a storage controller, the storage controller including: a first processor core configured to control non-security-related operations of the storage device; a second processor core configured to control security operations of the storage device; and a security management module configured to be accessed by the second processor core, wherein the security management module includes: a security memory device configured to store at least some of the security data of the storage device; and a security data buffer configured to temporarily store first security data read from the security memory device, wherein the first security data is a portion of the security data stored in the security memory device, the second processor core being configured to: receive a command related to the security data; determine the current security mode of the storage device in response to receiving the command related to the security data; and determine, based on the current security mode, whether to perform an operation related to the security memory device, and the second processor core being configured to: read the first security data temporarily stored in the security data buffer when performing a read operation on the security memory device.

[0008] According to some embodiments, a storage device includes a memory device and a storage controller, the storage controller including: a first processor core for controlling non-security-related operations of the storage device; a second processor core for controlling security operations of the storage device; and a security management module configured to be accessed by the second processor core, wherein the security management module includes: a secure memory device configured to store a first portion of secure data of the storage device; an external memory device configured to store a second portion of the secure data, wherein the external memory device is configured to be accessed by the second processor core; and a security data buffer. A security data buffer is configured to temporarily store security data read from the security memory device or the external memory device, wherein the current security mode of the storage device includes one of an unauthenticated mode, an authenticated mode, a zeroing mode, a debug mode, and an exception mode; the second processor core is configured to: receive a command related to the security data; determine the current security mode of the storage device in response to receiving the command related to the security data; and control access to the security memory device and the external memory device based on the determined current security mode; and the second processor core is configured to: read the security data temporarily stored in the security data buffer when a read operation is performed on the security memory device or the external memory device.

[0009] According to various embodiments of this disclosure, access to secure data can be controlled based on the current security mode of the storage device, thereby effectively preventing security threats such as unauthorized access and data manipulation.

[0010] According to various embodiments of this disclosure, the confidentiality and integrity of secure data can be maintained, and the reliability and security level of storage devices can be effectively improved.

[0011] According to various embodiments of this disclosure, requests for access to secure data can be responded to quickly, and operations can be performed on the secure data efficiently.

[0012] According to various embodiments of this disclosure, the storage and management of secure data can be unified, and access to secure data can be effectively controlled. Therefore, the integrity and confidentiality of secure data can be maintained.

[0013] The effects of this disclosure are not limited to those described above. The following description of this disclosure will enable those skilled in the art to clearly understand other technical effects of this disclosure not mentioned above. Attached Figure Description

[0014] Figure 1 This is a block diagram illustrating a storage system according to some embodiments of the present disclosure.

[0015] Figure 2 This is a block diagram illustrating a storage controller according to some embodiments of the present disclosure.

[0016] Figure 3 This is a flowchart illustrating an example of a method for operating a security management module according to some embodiments of the present disclosure.

[0017] Figure 4 The present disclosure illustrates a security mode of a storage device according to one embodiment of the present disclosure, and what operations the security manager is allowed to perform in each security mode.

[0018] Figure 5 This is a block diagram illustrating a storage controller according to some embodiments of the present disclosure.

[0019] Figure 6 This is a view used to illustrate an example of a secure data address table according to an embodiment of this disclosure.

[0020] Figure 7 This is a block diagram illustrating a storage device according to some embodiments of the present disclosure.

[0021] Figure 8 This is a view used to illustrate an example of a secure data address table according to an embodiment of this disclosure.

[0022] Figure 9 This is a block diagram illustrating a storage system according to some embodiments of the present disclosure.

[0023] Figure 10 This is a flowchart illustrating an example of a method for performing a registration operation related to security data according to some embodiments of this disclosure.

[0024] Figure 11 This is a flowchart illustrating an example of a method for performing write operations related to secure data according to some embodiments of this disclosure.

[0025] Figure 12 This is a flowchart illustrating an example of a method for performing read operations related to secure data according to some embodiments of this disclosure.

[0026] Figure 13 Examples of how the security mode of a storage device is switched according to some embodiments of this disclosure are shown.

[0027] Figure 14 This is a flowchart illustrating an example of a method for switching security modes according to some embodiments of the present disclosure.

[0028] Figure 15 This is a flowchart illustrating an example of a method for switching security modes according to some embodiments of the present disclosure.

[0029] Figure 16 This is a flowchart illustrating an example of a method for switching security modes according to some embodiments of the present disclosure.

[0030] Figure 17 This is a view used to illustrate the operation of a storage system according to some embodiments of the present disclosure.

[0031] Figure 18 This is a block diagram illustrating an example of how a storage system according to an embodiment of the present disclosure is applied to an SSD system. Detailed Implementation

[0032] Throughout this specification, when a component is described as "comprising" a specific element or group of elements, it will be understood that the component is formed solely by that element or group of elements, or that the element or group of elements may be combined with additional elements to form the component, unless the context clearly and / or explicitly states the opposite. On the other hand, the term "composed of" indicates that a component is formed solely by the listed elements. Furthermore, phrases such as "at least one of A and B," or "at least one of A or B," may include A and B, or A or B.

[0033] Ordinal numbers such as "first," "second," and "third" can simply be used as labels to distinguish certain elements, steps, etc., from one another. Terms not described using "first," "second," etc., in the specification may still be referred to as "first" or "second" in the claims. Furthermore, a term referred to by a specific ordinal number (e.g., "first" in a particular claim) may be described elsewhere using a different ordinal number (e.g., "second" in the specification or another claim).

[0034] In the following text, reference will be made to Figures 1 to 18 Various embodiments of this disclosure are described. Throughout this disclosure, the same reference numerals may refer to the same parts.

[0035] Figure 1 This is a block diagram illustrating a storage system 10 according to some embodiments of the present disclosure.

[0036] refer to Figure 1 The storage system 10 may include a host device 20 and a storage device 100 designed to exchange data with the host device 20. The storage system 10 may be one of the following types of data storage devices: mobile phone, smartphone, MP3 player, laptop, desktop computer, game console, television (TV), tablet PC, or in-vehicle infotainment system.

[0037] The host device 20 can control the overall operation of the storage system 10. The host device 20 can run an operating system and various applications for internet browsers, games, videos, cameras, etc. For example, the operating system running on the host device 20 may include a file system for managing files and device drivers for controlling peripheral devices, including the storage device 100, at the operating system level.

[0038] The host device 20 may include at least one of an application processor, a central processing unit, and a microprocessor. The host device 20 may have a processor including a single processor core or a processor including multiple processor cores. In one embodiment, the storage system 10 may be included in a mobile device, and the host device 20 may be configured as an application processor. In one embodiment, the host device 20 may be configured as a system-on-a-chip (SoC) and therefore may be embedded in an electronic device.

[0039] Host device 20 can communicate with storage device 100 through various interfaces. For example, storage device 100 and host device 20 can connect to each other based on an interface protocol defined by the Universal Flash Memory (UFS) standard, so storage device 100 can be a UFS device and host device 20 can be a UFS host. However, this disclosure is not limited thereto, and storage device 100 and host device 20 can connect to each other based on a range of standard interfaces.

[0040] The host device 20 can control data processing operations performed by the storage device 100, such as data read operations or data write operations. The host device 20 can send commands and data to the storage device 100 for data processing operations performed by the storage device 100, and the storage device 100 can perform the data processing operations according to the commands and send a response to the host device 20 indicating the result of the operation. The host device 20 can send commands related to the general operation of the storage device 100, such as read commands and write commands. Furthermore, the host device 20 can send commands based on security protocols of the interface with the storage device 100, such as secure input commands and secure output commands for the security functions of the storage device 100. The storage device 100 can send data generated by performing operations according to requests from the host device 20 and / or data read from the storage device.

[0041] Storage device 100 can be manufactured as one of various types of storage devices based on a host interface for communicating with host device 20. For example, storage device 100 can be one of various types of storage devices, such as solid-state drives (SSDs), multimedia cards in the form of MMC, eMMC, RS-MMC, or micro-MMC, secure digital cards in the form of SD, mini-SD, or micro-SD, universal storage bus (USB) storage devices, universal flash memory (UFS) devices, storage devices in the form of PCMCIA cards, storage devices in the form of peripheral component interconnect (PCI) cards, storage devices in the form of fast PCI (PCI-E) cards, compact flash (CF) cards, smart media cards, and memory sticks.

[0042] When storage device 100 is an SSD, it can be a device conforming to the Non-Volatile Memory Fast (NVMe) standard. When storage device 100 is embedded memory or external memory, it can be a device conforming to the Universal Flash Memory (UFS) or Embedded Multimedia Card (eMMC) standard. Host device 20 and storage device 100 can each generate and send data packets according to the standard protocol they employ.

[0043] The storage device 100 can be manufactured as one of a variety of package types. For example, the storage device 100 can be manufactured as one of a range of package types such as POP, System in Package (SIP), System on Chip (SOC), Multi-Chip Package (MCP), Chip on Board (COB), Wafer-Level Fabrication Package (WFP), and Wafer-Level Stacked Package (WSP).

[0044] The storage device 100 may include at least one of a first memory device 102 and a second memory device 104, as well as a storage controller 110. Figure 1 A storage device 100 is shown that includes a plurality of first memory devices 102 and a plurality of second memory devices 104. However, this is only an exemplary embodiment, and the present disclosure is not limited thereto. For example, the first memory devices 102 may include a single first memory device, and the second memory devices 104 may include a single second memory device. In some embodiments, the storage device 100 may include a single memory device, such as the first memory device 102.

[0045] Storage controller 110 can control the overall operation of storage device 100. For example, storage controller 110 can control data write and / or read operations of storage device 100 in response to commands received from host device 20.

[0046] The first memory device 102 and / or the second memory device 104 may store data received from the memory controller 110. In an exemplary embodiment, the first memory device 102 may include flash memory as a non-volatile memory device. In some embodiments, the first memory device 102 may include phase-change random access memory (PRAM), resistive random access memory (RRAM), nanofloating gate memory (NFGM), polymer random access memory (PoRAM), magnetic random access memory (MRAM), ferroelectric random access memory (FRAM), or similar memory. When the first memory device 102 includes flash memory, the flash memory may include a 2D NAND memory array and / or a 3D or vertical NAND (VNAND) memory array. In other embodiments, the first memory device 102 may include a variety of other types of non-volatile memory devices.

[0047] In an exemplary embodiment, the second memory device 104 may include a volatile memory device. The second memory device 104 may include at least one of a volatile memory device such as dynamic random access memory (DRAM), static random access memory (SRAM), and synchronous dynamic random access memory (SDRAM). In other embodiments, the second memory device 104 may include various other types of volatile memory devices.

[0048] Storage device 100 may store a series of security data related to maintaining the security of storage device 100 and / or protecting the data stored therein. Such security data may be important data that may involve special management, serving as information designed to perform security functions within storage device 100 and maintain the security state of storage device 100. In an exemplary embodiment, security data may be stored in a specific storage area of ​​storage device 100 or managed by internal modules of storage controller 110. For example, security data may be stored in security-only memory within storage controller 110. In one embodiment, data other than security data may be stored in first memory device 102 and second memory device 104, but this disclosure is not limited thereto.

[0049] Security data can refer to any information necessary to maintain the security of storage device 100 and / or protect its data, and may include, for example, sensitive security parameters (SSPs). Security data may include encryption keys used within storage device 100, such as private keys, public keys, symmetric keys, asymmetric keys, session keys, and root keys. In other embodiments, security data may include authentication data, such as certificate data included in a digital certificate, secret authentication tokens, and biometric authentication data. In other embodiments, security data may include various types of information related to managing the security state of storage device 100 and protecting its data. Such information may include parameters of security protocols, secure boot keys, random seeds, data used by hardware security modules (HSMs), etc.

[0050] Storage controller 110 may include a security management module 120 designed to manage secure data. Security management module 120 may include a dedicated hardware module separately located within storage controller 110 to manage the secure data of storage device 100. Security management module 120 may store various types of secure data from storage device 100. Furthermore, when an external device, such as host device 20, attempts to access the secure data of storage device 100, the security management module 120 may control such access. In one embodiment, security management module 120 may determine the current security mode or state of storage device 100 and control access to secure data based on the current security mode. For example, and as described below, when storage device 100 is in a first security mode, host device 20 may be granted a first type of access, and when storage device 100 is in a second security mode, host device 20 may be granted a second type of access. The first security mode may differ from the second security mode, and thus the first type of access may differ from the second type of access. In some embodiments, the first type of access allows read operations where the associated data can be read, and the second type of access allows write operations where data can be written to either memory device 102 or memory device 104. Additional security modes (e.g., a third security mode, a fourth security mode, etc.), some of which are described herein, are also envisioned. Thus, the security management module 120 can determine the security mode before providing access to secure data.

[0051] Security management module 120 may include security manager 122, which can control access to security management module 120 and perform operations related to security data. For example, security manager 122 may receive commands related to security data and, in response to receiving such commands, determine the current security mode of storage device 100, and control access to security management module 120 and / or security data based on the current security mode of storage device 100. As another example, based on the current security mode of storage device 100, security manager 122 may perform operations such as reading security data from a memory device storing security data and writing security data to a memory device. Read operations (e.g., reading security data from a memory device) may include retrieving or accessing security data without modifying it, ensuring the security data remains unchanged. Write operations (e.g., writing security data to a memory device) may include adding, modifying, or updating security data, allowing existing security data to be altered or new security data to be added.

[0052] The security mode of storage device 100 can be switched based on conditions such as the state of storage device 100 and specific events, and the security manager 122 can access or control access to security data differently in each security mode. For example, in one security mode, the security manager 122 may allow access to security data and perform operations on it, while in another security mode, the security manager 122 may restrict or block access to security data. A detailed description of how the security manager 122 accesses or controls access to security data in each security mode is provided below.

[0053] According to various embodiments of this disclosure, access to secure data can be controlled based on the current security mode of the storage device 100, thereby effectively preventing security threats such as unauthorized access and data manipulation. Specifically, even when a security attack is detected in the storage device 100, or when the storage device 100 is in a vulnerable state, the storage controller 110 or security manager 122 can monitor the state of the storage device 100 to switch its security mode and control access to secure data, thereby preventing the leakage or unauthorized modification of sensitive data. Therefore, the confidentiality and integrity of secure data can be maintained, and the reliability and security level of the storage device 100 can be effectively enhanced.

[0054] although Figure 1A storage device 100 including a first memory device 102 and a second memory device 104 is shown, but this disclosure is not limited thereto. In an exemplary embodiment, the storage device 100 may include the first memory device 102 but may not include the second memory device 104. In another embodiment, the storage device 100 may include the second memory device 104 but may not include the first memory device 102. Furthermore, additional memory devices (e.g., a third memory device, a fourth memory device, etc.) may be provided in addition to one or both of the first memory device 102 and the second memory device 104.

[0055] Figure 2 This is a block diagram illustrating a storage controller 110 according to some embodiments of the present disclosure.

[0056] refer to Figure 2 The storage controller 110 may include a security management module 120 that manages the security data of the storage device 100. The security management module 120 may include: a security manager 122 that controls access to the security data based on the current security mode of the storage device 100; a security storage device 124 that stores the security data; and a security data buffer 126 that temporarily stores the security data read from the security storage device 124. Although not shown, in addition to the security management module 120, the storage controller 110 may also include components for controlling the operation of the storage device.

[0057] In one embodiment, the security manager 122 can manage the security mode 121 of the storage device 100. Here, the security mode 121 can be hardware and / or software. The security manager 122 can monitor the state of the storage device 100 and switch the security mode 121 of the storage device 100. In other embodiments, the security manager 122 can receive signals related to the state of the storage device 100 from the storage controller 110 and switch the security mode 121 of the storage device 100 based on the received signals.

[0058] In one embodiment, security manager 122 can determine the current security mode of storage device 100. Security manager 122 can control access to secure data or determine whether to perform operations related to secure data based on the current security mode of storage device 100. For example, security manager 122 can receive commands related to secure data and determine whether to execute those commands based on the current security mode of storage device 100. Here, commands related to secure data may include operations of writing secure data to secure storage device 124 and / or reading secure data stored in secure storage device 124, but this disclosure is not limited thereto. When it is determined based on the current security mode of storage device 100 that the execution of commands related to secure data is permitted, security manager 122 can execute those commands.

[0059] In one embodiment, the security mode 121 of the storage device 100 may include multiple security modes, such as unauthenticated mode, authenticated mode, zeroing mode, debug mode and abnormal mode, but this disclosure is not limited thereto.

[0060] The unauthenticated mode indicates that storage device 100 has not yet been authenticated by security management module 120. The unauthenticated mode can be activated as the default mode when storage device 100 is in an initial state or a normal state where the authentication process has not yet been performed. When the current security mode of storage device 100 is unauthenticated, security manager 122 can block requests to access secure data and operate to prevent read and write operations on secure data. For example, when the current security mode 121 is unauthenticated, read and write operations may be denied, thereby preventing unauthorized access to secure data. Therefore, when the current security mode 121 is unauthenticated, host device 20 (e.g., and / or a processor attempting to access storage device 100 through host device 20) may not be permitted read or write operations. The unauthenticated mode can be activated when storage controller 110 has not yet received a command from host device 20 to process secure data and / or when an authentication request from host device 20 has been rejected.

[0061] An authentication mode can indicate that the security management module 120 has successfully completed the authentication process. For example, the authentication mode can be activated when the storage controller 110 has received a command from the host device 20 to process secure data and the authentication request from the host device 20 has been approved. Here, the command to process secure data may include an authentication request. Furthermore, the authentication request from the host device 20 may include authentication requests from the host device 20 and / or authentication requests from trusted entities, such as processors, attempting to access the storage device 100 through the host device 20. When the current security mode of the storage device 100 is the authentication mode, the security manager 122 can approve requests to access secure data and can allow and execute read and write operations on the secure data. In an embodiment, security mode 121 may initially be in an unauthenticated mode and may remain in the unauthenticated mode until the authentication mode (or another mode) is activated. For example, when security mode 121 is in the unauthenticated mode, the storage controller 110 can receive a command from the host device 20 to process secure data and can receive an authentication request from the host device 20. The approval of the authentication request by the security manager 122 can cause the security management module 120 to change the security mode 121 from unauthenticated mode to authenticated mode, thereby granting access to read and write operations on secure data.

[0062] Zeroing mode indicates that the security data stored in the secure storage device 124 and the secure data buffer 126 has been initialized by the security management module 120. Zeroing mode can be activated when an initialization request is issued by the host device 20 or when it is determined that it is necessary to initialize security data within the system. When the current security mode of the storage device 100 is zeroing mode, the security manager 122 can restrictively approve requests for access to the security data. For example, the security manager 122 can provide initialized security data in response to a command to read the security data. Furthermore, the security manager 122 can prevent write operations on the secure storage device 124 and the secure data buffer 126 in response to a command to write the security data. In embodiments, in zeroing mode, the security data stored in the secure storage device 124 and the secure data buffer 126 can be modified or rewritten with fixed or meaningless values ​​(e.g., zero). Therefore, zeroing mode may result in the security data stored in the secure storage device 124 and the secure data buffer 126 becoming unrecoverable.

[0063] Debug mode indicates that storage device 100 is being debugged. Debug mode can be activated when the debug port has been activated for purposes such as development or maintenance of storage device 100. When the current security mode of storage device 100 is debug mode, security manager 122 can restrictively approve requests for access to secure data. For example, in debug mode, security manager 122 can initialize (e.g., zero out) the secure data stored in secure data buffer 126 and only allow read operations on secure data buffer 126. That is, access to secure memory device 124 can be blocked in debug mode. Therefore, security manager 122 can provide initialized secure data stored in secure data buffer 126 in response to a command to read secure data. Furthermore, security manager 122 can block write operations to secure memory device 124 and secure data buffer 126 in response to a command to write secure data.

[0064] An anomalous mode can indicate that storage device 100 is in a faulty state or that a security threat has been detected. An anomalous mode can be activated when storage device 100 is in a Federal Information Processing Standard (FIPS) certification failure state (FIPS Fail) or when abnormal operation of the device is sensed (e.g., an attack or breach of data integrity is detected). When the current security mode of storage device 100 is an anomalous mode, security manager 122 can initialize (e.g., zero out) the secure data stored in secure storage device 124 and secure data buffer 126. Furthermore, security manager 122 can block requests to access secure data and operate to prevent read and write operations on the secure data.

[0065] In one embodiment, the secure storage device 124 may store at least some of the secure data of the storage device 100. The secure storage device 124 may be a dedicated storage area for storing and / or managing the secure data of the storage device 100. Access to the secure storage device 124 may be granted to the security manager 122 of the security management module 120. Therefore, the security manager 122 may prevent the host device 20 and / or other components in the storage device 100 from directly accessing the secure storage device 124 based on the current security mode of the storage device 100. In one embodiment, all the secure data of the storage device 100 may be stored in the secure storage device 124 included in the security management module 120. As a result, the storage and management of secure data can be unified, and access to secure data can be effectively controlled. This ensures the integrity and confidentiality of the secure data.

[0066] In one embodiment, the secure memory device 124 may include a volatile memory device. The secure memory device 124 may include static random access memory (SRAM). In other embodiments, the secure memory device 124 may include various volatile memory devices such as dynamic random access memory (DRAM), synchronous dynamic random access memory (SDRAM), and resistive random access memory (RRAM). However, this disclosure is not limited thereto, and the secure memory device 124 may include a non-volatile memory device. Therefore, the security manager 122 is able to quickly respond to requests for access to secure data on the secure memory device 124 and efficiently perform read or write operations on the secure data.

[0067] In one embodiment, the secure data buffer 126 may temporarily store first secure data read from the secure memory device 124. Here, the first secure data may include at least some of the secure data stored in the secure memory device 124. Therefore, the secure data buffer 126 may receive some secure data from the secure memory device 124 (e.g., the first secure data as part of the secure data) (e.g., by reading it from the secure memory device 124 into the secure data buffer 126), and may temporarily save or store this first secure data. Access to the secure data buffer 126 may be granted to the security manager 122 of the security management module 120. When a read operation is performed on the secure data, the security manager 122 may load the first secure data from the secure memory device 124 into the secure data buffer 126, and may then read the first secure data stored in the secure data buffer 126. Therefore, direct access to the secure memory device 124 can be restricted, and the possibility of secure data leakage can be effectively reduced. The secure data buffer 126 may be, for example, dynamic random access memory (DRAM), but this disclosure is not limited thereto. As described herein, when a read operation is performed to retrieve secure data, the secure data can be retrieved or accessed from a storage device or location (e.g., secure data buffer 126, etc.) without altering or changing the secure data. Thus, in some embodiments, when secure data is retrieved, the storage location where the secure data is stored can be determined, a control signal can be sent to the storage location to begin retrieving the secure data, and then the secure data can be transferred from the storage location to another different location (e.g., such as secure data buffer 126) and stored at that different location (e.g., such as secure data buffer 126).

[0068] Figure 3 This is a flowchart illustrating an example of an operation method 300 of a security management module according to some embodiments of the present disclosure. The operation method 300 of the security management module can be executed by the security manager of the security management module.

[0069] refer to Figure 3 In S310, the security manager of the security management module can receive commands related to security data. For example, the security manager can receive commands from the storage controller (e.g., Figures 1 to 2 The storage controller 110 receives read commands, write commands, etc., related to secure data from the host device (e.g., ...). Figure 1 The host device 20 receives a request to read or write secure data, performs a separate authentication process, and then sends a read or write command related to the secure data to the security manager 122. Alternatively, the storage controller 110 may receive a request from the host device 20 to allocate a storage area for storing secure data, perform a separate authentication process, and then send a command related to the secure data to the security manager 122. Furthermore, the security manager 122 may directly receive read and write commands related to secure data from the host device 20; however, this disclosure is not limited to these methods.

[0070] In S320, in response to receiving a command related to security data, the security manager 122 may determine the current security mode 121 of the storage device 100. In one embodiment, the security mode 121 may include an unauthenticated mode, an authenticated mode, a zeroing mode, a debug mode, and an abnormal mode, but this disclosure is not limited thereto.

[0071] In S330, the security manager 122 can control access to secure data based on the current security mode 121 of the storage device. In one embodiment, the security manager 122 can block access to secure data in response to determining that the current security mode is an unauthenticated mode. In one embodiment, the security manager 122 can allow access to secure data in response to determining that the current security mode is an authenticated mode. In one embodiment, the security manager 122 can allow restricted access to secure data in response to determining that the current security mode is a zero-based mode. For example, in response to determining that the current security mode is a zero-based mode, the security manager 122 can allow read operations related to secure data and block write operations related to secure data. In one embodiment, the security manager 122 can allow restricted access to secure data in response to determining that the current security mode is a debug mode. For example, the security manager 122 can allow only read operations to the secure data buffer 126 in response to determining that the current security mode is a debug mode. In one embodiment, the security manager 122 can block access to secure data in response to determining that the current security mode is an exception mode. Therefore, multiple security modes are possible and may include a first security mode, a second security mode, and a third security mode. The first security mode may include an authenticated mode, where the security manager 122 allows access to secure data, for example, by allowing read and / or write operations. The second security mode may be a zeroing mode or a debug mode, and in the second mode, the security manager 122 allows restricted access to secure data, for example, by allowing read operations but blocking write operations. The third security mode may be an unauthenticated mode or an exception mode, and in the third security mode, the security manager 122 blocks access to secure data and may not allow either read or write operations. Therefore, the restricted access in the second security mode is less access than in the first security mode, but more access than in the third security mode.

[0072] refer to Figure 3 The flowcharts and descriptions are merely exemplary and may be constructed differently in some embodiments. For example, in some embodiments, the order of steps may be changed, some steps may be repeated, some steps may be skipped, or some steps may be added.

[0073] Figure 4 The following diagram illustrates a security mode of a storage device 100 according to an embodiment of the present disclosure and what operations the security manager 122 is allowed to perform in each security mode. References Figure 4 The security modes of storage device 100 may include unauthenticated mode, authenticated mode, zeroing mode, debug mode, and abnormal mode.

[0074] In one embodiment, a registration operation may be a process of allocating storage space for storing secure data, and may refer to the following operations of the security manager 122: registering the memory address where the secure data will be stored in a management table and allocating memory. A read operation may refer to the following operations of the security manager 122: loading secure data from a storage area where secure data is already stored (e.g., secure memory device 124) into temporary storage space (e.g., secure data buffer 126) to read the secure data and provide it to the subject requesting the secure data. A write operation may refer to the following operations of the security manager 122: writing secure data to a dedicated storage area (e.g., secure memory device 124) to write, modify, or update the secure data.

[0075] In one embodiment, when the current security mode of storage device 100 is unauthenticated mode, registration, read, and write operations related to secure data can be blocked. In another embodiment, when the current security mode of storage device is authenticated mode, registration, read, and write operations related to secure data can be allowed. Therefore, since only trusted entities are allowed access, the confidentiality and integrity of secure data can be improved.

[0076] In one embodiment, when the storage device's current security mode is zero-level mode, registration and write operations related to security data can be blocked. Conversely, when the storage device's current security mode is zero-level mode, read operations related to security data can be allowed. In zero-level mode, the storage area for storing security data is initialized so that even if a read operation is performed, initialized or invalid data may be returned.

[0077] In one embodiment, when the current security mode of the storage device is debug mode, registration and write operations related to security data can be blocked. Furthermore, when the current security mode of the storage device is debug mode, read operations related to security data can be allowed. Here, access to temporary storage space storing security data, such as the security data buffer 126, can be allowed only. In debug mode, the security data buffer 126 can remain initialized so that even when performing a read operation, initialized or invalid data can be returned. Debug mode can be a mode used to support maintenance, development, defect analysis, etc., and in this mode, direct access to the security storage device 124 can be restricted. Allowing only access to the initialized data buffer in debug mode prevents the leakage of sensitive security data through memory dumps.

[0078] In one embodiment, when the current security mode of storage device 100 is anomalous mode, registration, read, and write operations related to secure data can be blocked. Anomalous mode can be activated when the storage device is in a Federal Information Processing Standard (FIPS) certification failure state (FIPS Fail) or when anomalous operation of the storage device is sensed (e.g., an attack or breach of data integrity is detected). Because access to the storage area containing secure data is blocked in anomalous mode, leakage or misuse of sensitive secure data can be prevented.

[0079] Figure 5 This is a block diagram illustrating a storage controller 110 according to some embodiments of the present disclosure. Figure 6 This is a view used to illustrate an example of a security data address table 128 according to one embodiment of the present disclosure. In the following, descriptions that are repeated from the preceding description will be skipped or summarized.

[0080] refer to Figure 5 The storage controller 110 may include a security management module 120 that manages secure data for the storage device. The security management module 120 may include: a security manager 122 that manages the security mode 121 of the storage device and controls access to secure data based on the current security mode of the storage device; a secure storage device 124 that stores secure data; a secure data buffer 126 that temporarily stores secure data read from the secure storage device 124; and a secure data address table 128 that stores address data associated with the secure data.

[0081] In one embodiment, the security data address table 128 can store the start and end addresses of the security data. When a registration operation is performed, the security manager 122 can allocate a storage area for storing the security data and store the start and end addresses corresponding to that storage area in the security data address table 128. Here, the storage area for storing the security data may include a specific storage area within the security memory device 124. The security manager 122 can identify the storage area storing the security data by referring to the security data address table 128 and perform read or write operations on that area. Therefore, the security data address table 128 can store the location of the security data within the security memory device 124.

[0082] Figure 6An example of a secure data address table 128 according to an embodiment of the present disclosure is shown. A security manager 122 may receive a first request to allocate storage space for storing secure data. When the security manager 122 determines that the current security mode of the storage device is authentication mode, the security manager 122 may allocate a first storage space in the secure storage device 124 and store a first start address S_ADDR1 and a first end address E_ADDR1 corresponding to the first storage space in the secure data address table 128. Furthermore, the security manager 122 may receive a second request to allocate storage space for storing secure data, and when it is determined that the current security mode of the storage device is authentication mode, the security manager 122 may allocate a second storage space within the secure storage device 124 and store a second start address S_ADDR2 and a second end address E_ADDR2 corresponding to the second storage space in the secure data address table 128. In addition, the security manager 122 can receive a third request to allocate storage space for storing security data, and when it is determined that the current security mode of the storage device is authentication mode, the security manager 122 can allocate a third storage space in the security storage device 124 and store the third start address S_ADDR3 and the third end address E_ADDR3 corresponding to the third storage space in the security data address table 128.

[0083] although Figure 6 A secure data address table 128 is shown that stores only the start and end addresses of the secure data, but this disclosure is not limited thereto. In one embodiment, the secure data address table 128 may store at least two of the start address, end address, and size of the secure data. The security manager 122 may determine the range of memory for storing the secure data based on the information stored in the secure data address table 128, and perform read or write operations on the secure data. For example, the security manager 122 may determine the storage area for storing the secure data based on the start address and size of the secure data, or it may determine the storage area for storing the secure data by referring to the start and end addresses of the secure data. Furthermore, the security manager 122 may determine the storage area for storing the secure data based on the end address and size of the secure data.

[0084] In addition, the security data address table 128 can also store context information used to identify security data. When a registration operation is performed, the security manager 122 can store the context information corresponding to the start and end addresses assigned to the subject that requested the command in the security data address table 128. When a read or write operation is performed on the security data, the security manager 122 can extract the start and end addresses of the security data based on the requested context information, and determine the storage area for storing the security data based on the start and end addresses of the security data.

[0085] Figure 7 This is a block diagram illustrating a storage device 100 according to some embodiments of the present disclosure. Figure 8 This is a view used to illustrate an example of a secure data address table 128a according to an embodiment of the present disclosure. In the following, descriptions that are repeated from the foregoing description will be skipped or summarized. The secure data address table 128a may correspond to... Figure 5 and Figure 6 The secure data address table 128 in the database.

[0086] Storage device 100 may include storage controller 110, first memory device 102, second memory device 104, and external memory device 130. Storage controller 110 may include security management module 120, and security management module 120 may include security manager 122, security memory device 124, security data buffer 126, and security data address table 128a for managing security mode 121 of storage device.

[0087] External storage device 130 may store some of the secure data and may be located outside of security management module 120. For example, external storage device 130 may be separate from security management module 120 and may be located in a different location than secure storage device 124. External storage device 130 may be a dedicated storage area for storing secure data, separate from security management module 120. External storage device 130 may refer to a storage area used for additional storage or separate management of secure data. Access to external storage device 130 may be granted only to security manager 122. Security manager 122 may prevent host device 20 and / or other components in storage device 100 from directly accessing external storage device 130 based on the current security mode of storage device 100. The secure data stored in external storage device 130 may be separate from the secure data stored in secure storage device 124 included in security management module 120. Therefore, in some embodiments, secure storage device 124 may store a first portion of secure data, while external storage device 130 may store a second portion of secure data, and the first portion of secure data may be different from the second portion of secure data. However, this disclosure is not limited thereto, and at least some of the security data stored in external storage device 130 may be duplicated or identical to at least some of the data stored in security storage device 124. In some embodiments, security storage device 124 may not be included in security management module 120, and all security data may be stored in external storage device 130. For example, in some embodiments, security management module 120 may not include a security storage device (e.g., security storage device 124), such that security data may be stored in external storage device 130.

[0088] In one embodiment, the external memory device 130 may include a one-time writable memory device, such as one-time programmable memory (OTP) or an electronic fuse (eFUSE). In other embodiments, the external memory device 130 may include volatile memory devices such as dynamic random access memory (DRAM) and static random access memory (SRAM), and at least one of non-volatile memory devices such as NAND flash memory, NOR flash memory, electrically erasable programmable read-only memory (EEPROM), magnetic random access memory (MRAM), and ferroelectric random access memory (FRAM).

[0089] In one embodiment, the security data buffer 126 may temporarily store second security data read from the external storage device 130. For example, when the storage controller 110 includes a security storage device 124 and an external storage device 130, the security data buffer 126 may temporarily store first security data read from the security storage device 124, and / or may temporarily store second security data read from the external storage device 130. Here, the second security data may include at least some of the security data stored in the external storage device 130. When a read operation is performed on the security data stored in the external storage device 130, the security manager 122 may load the second security data from the external storage device 130 into the security data buffer 126 and then read the second security data stored in the security data buffer 126.

[0090] In one embodiment, the security data address table 128a may store the start address, end address, and information about the external memory device (EMD INFO) for the security data. Here, the information about the external memory device 130 may include information indicating that the security data has been stored in the external memory device. Alternatively, the information about the external memory device 130 may include information indicating that the external memory device 130 has been allocated.

[0091] When a registration operation is performed, the security manager 122 can allocate a storage area for storing security data and store the start address and end address corresponding to that storage area in the security data address table 128a. Here, when the allocated storage area includes a specific storage area of ​​the external storage device 130, the security manager 122 can store information about the external storage device 130 in the security data address table 128a. When a write operation is performed, the security manager 122 can write the security data to the external storage device 130 by referring to the security data address table 128a. Furthermore, when a read operation is performed, the security manager 122 can determine that the security data has been stored in the external storage device 130 by referring to the security data address table 128a, and perform a read operation on the security data by accessing the external storage device 130 using the start address and end address stored in the security data address table 128a. Therefore, the security data address table 128a can store information related to the security data stored in the external storage device 130 (e.g., start address, end address, size of the security data, etc.). In other embodiments, depending on how the external memory device 130 stores data, the start and end addresses of the external memory device 130 may not be included in the secure data address table 128a, and only information about the external memory device 130 may be stored in the row corresponding to the secure data stored in the external memory device 130.

[0092] Figure 8 An example of a security data address table 128a according to an embodiment of the present disclosure is shown. A security manager 122 may receive a first request to allocate storage space for storing security data. The security manager 122 may determine, based on the first request, whether to store the security data in an external storage device 130. Here, the first request may include a request to store the security data in the external storage device 130. However, the present disclosure is not limited thereto, and the security manager 122 may determine whether to store the security data in the external storage device 130 based on the attributes, size, etc., of the security data included in the first request. When the current security mode of the storage device 100 is authentication mode and the external storage device 130 has been allocated, the security manager 122 may allocate a first storage space within the external storage device 110 and store a first start address S_ADDR1 and a first end address E_ADDR1 corresponding to the first storage space in the external storage device 130, along with first information about the external storage device 130, in the security data address table 128a. Subsequently, when the security manager 122 receives a request for subsequent write or read after the first request, it can determine whether to access the external storage device 130 based on the first information stored in the security data address table 128a, and can access the first storage space of the external storage device 130 based on the first start address S_ADDR1 and the first end address E_ADDR1 stored in the security data address table 128a.

[0093] Furthermore, the security manager 122 can receive a second request to allocate storage space for storing security data, and can determine whether to store the security data in the external storage device 130 based on the second request. When the current security mode of the storage device 100 is authentication mode and the external storage device 130 has not yet been allocated, the security manager 122 can allocate a second storage space within the security storage device 124, and store the second start address S_ADDR2 and the second end address E_ADDR2 corresponding to the second storage space, as well as second information indicating that the external storage device 130 has not yet been allocated, in the security data address table 128a. For example, refer to... Figure 8The second row corresponds to the second storage space and includes the second start address S_ADDR2, the second end address E_ADDR2, and second information about the external storage device 130. As shown, the third column (“EMD INFO”) lists information about the external storage device 130, and in the second row corresponding to the second storage space, an “X” in the third column (“EMD INFO”) indicates that the external storage device 130 has not been allocated. In contrast, an “O” in the third column of the first row (e.g., corresponding to the first storage space with the first start address S_ADDR1 and the first end address E_ADDR1) indicates that the external storage device 130 has been allocated. Regarding the second storage space, when the security manager 122 receives a request for subsequent write or read after the second request, the security manager 112 can determine whether to access the secure storage device 124 based on the second information, and can access the second storage space of the secure storage device 124 based on the second start address S_ADDR2 and the second end address E_ADDR2.

[0094] Furthermore, the security manager 122 can receive a third request to allocate storage space for storing security data, and can determine whether to store the security data in the external storage device 130 based on the third request. When the current security mode of the storage device 100 is authentication mode and the external storage device 130 for storing security data has not yet been allocated, a third storage space within the security storage device 124 can be allocated, and the third start address S_ADDR3 and the third end address E_ADDR3 corresponding to the third storage space, as well as third information indicating that the security data has not yet been stored in the external storage device 130, can be stored in the security data address table 128a. Figure 8 As shown, an "X" in the third column ("EMD INFO") of the third row (e.g., corresponding to the third memory space with a third start address S_ADDR3 and a third end address E_ADDR3) indicates that the external memory device 130 has not yet been allocated. Subsequently, when the security manager 122 receives a request for a subsequent write or read operation after the third request, the security manager 112 can access the secure memory device 124 based on the third information, and can access the third memory space of the secure memory device 124 based on the third start address S_ADDR3 and the third end address E_ADDR3.

[0095] Figure 8 A security data address table 128a is shown that stores only the start and end addresses, but this disclosure is not limited thereto. For example, the security data address table 128a may also store security data, context information for identifying the security data, the size of the security data, etc.

[0096] Figure 9 This is a block diagram illustrating a storage system 10 according to some embodiments of the present disclosure. In the following, descriptions that are repeated above will be skipped or summarized. Storage controller 900 may correspond to... Figure 1 The storage controller 110 in the middle.

[0097] refer to Figure 9 The storage system 10 may include a host device 20 and a storage device 100 designed to exchange data with the host device 20. The storage device 100 may include a storage controller 900, a first memory device 102, a second memory device 104, and an external memory device 130. The storage controller 900 may include a first processor core 910, a second processor core 920, and a security management module 930 accessible only to the second processor core 920.

[0098] In one embodiment, the first processor core 910 can control the general operation of the storage device 100, handle requests for reading and / or writing data, and manage data exchange with the host device 20. Furthermore, when security-related operations are required, the first processor core 910 can request the second processor core 920 to perform the operation, and can perform subsequent operations based on the response received from the second processor core 920. Therefore, the first processor core 910 can control non-security-related operations, such as requests for reading and / or writing data, and the management of data exchange with the host device 20, while the second processor core 920 can control security-related operations. However, this disclosure is not limited thereto; the second processor core 920 can directly receive security-related requests or commands from the host device 20.

[0099] In one embodiment, the second processor core 920 can control security-related operations of the storage device 100 and can uniquely access the security management module 930 and the external storage device 130 to manage secure data. For example, the second processor core 920 can generate encryption keys based on data received from the host device 20, or perform authentication processes related to external components (e.g., the host device 20). As another example, the second processor core 920 can manage the security mode of the storage device 100 and control access to the security management module 930 and the external storage device 130 based on the current security mode of the storage device 100.

[0100] In one embodiment, the security manager (e.g., Figure 1The operations performed by the security manager 122 can be executed by the second processor core 920. Furthermore, operations performed by the security manager (described below) can be executed by the second processor core 920. In one embodiment, the second processor core 920 can receive commands related to security data, determine the current security mode of the storage device 100 in response to receiving such commands, and control access to the security management module 930 based on the current security mode. For example, the second processor core 920 can access the security memory device 932 or the security data buffer 934 that stores security data based on the current security mode of the storage device 100 to read security data, write security data to the security memory device 932, etc.

[0101] In one embodiment, in response to determining that the current security mode of storage device 100 is an unauthenticated mode, the second processor core 920 can prevent operation on the secure memory device 932.

[0102] The second processor core 920 can manage the security mode of the storage device 100. In one embodiment, the second processor core 920 can determine whether to approve an authentication request from the host device 20. For example, the second processor core 920 can determine whether a subject attempting to access the storage device 100 through the host device 20 is reliable, and can switch the current security mode of the storage device 100 to authentication mode when the authentication request has been approved. In response to determining that the current security mode of the storage device 100 is authentication mode, the second processor core 920 can allow at least one of a read operation and a write operation to be performed on the secure memory device 932.

[0103] In one embodiment, the second processor core 920 can receive signals related to the state of the storage device 100 from the first processor core 910 and switch the security mode of the storage device 100 based on the received signals. In another embodiment, the second processor core 920 can monitor the state of the storage device 100 and switch the security mode of the storage device 100.

[0104] In one embodiment, the first processor core 910 may send an initialization signal to the second processor core 920 in response to an initialization request from the host device 20, and the second processor core 920 may switch the security mode of the storage device 100 to a zero-level mode in response to receiving the initialization signal. In response to determining that the current security mode of the storage device 100 is a zero-level mode, the second processor core 920 may initialize (e.g., zero-level) the security data stored in each of the security memory device 932 and the security data buffer 934.

[0105] In one embodiment, the first processor core 910 can monitor the debug state of the storage device 100 and send a debug signal to the second processor core 920 based on the current debug state. However, this disclosure is not limited thereto; the second processor core 920 can also monitor the debug state of the storage device 100. The second processor core 920 can switch the current security mode of the storage device 100 to debug mode in response to receiving a debug signal. In response to determining that the current security mode of the storage device 100 is debug mode, the second processor core 920 can initialize the security data stored in the security data buffer 934.

[0106] In one embodiment, the first processor core 910 may monitor whether the storage device 100 is in an abnormal state and send an abnormal state signal to the second processor core 920 based on the determination that the storage device 100 is in an abnormal state. However, this disclosure is not limited thereto, and the second processor core 920 may also monitor whether the storage device 100 is in an abnormal state. The second processor core 920 may switch the current security mode of the storage device 100 to an abnormal mode in response to receiving an abnormal state signal. In response to determining that the current security mode of the storage device 100 is an abnormal mode, the second processor core 920 may initialize the security data stored in each of the secure memory device 932 and the secure data buffer 934.

[0107] In addition, in response to receiving commands related to security data, the second processor core 920 can perform the following operations: register the address of the memory used to store security data in the management table, process memory allocation, etc.

[0108] Figure 10 This is a flowchart illustrating an example of a method 1000 for performing a registration operation related to security data according to some embodiments of the present disclosure. In some embodiments, the method 1000 for performing the registration operation related to security data may be performed by a security manager of a security management module (e.g., Figure 1 The security manager 122 in the memory is implemented. In some embodiments, the method 1000 for performing registration operations related to security data can be implemented by a second processor core of the storage controller (e.g., Figure 9 The method 1000 for performing registration operations related to security data is implemented by the security manager in the following description, but the second processor core may also implement the method 1000 for performing registration operations related to security data in a similar manner.

[0109] refer to Figure 10In S1010, the security manager of the security management module can receive registration requests related to security data. For example, the security manager can receive registration requests related to security data from the storage controller. Alternatively, the security manager can receive registration requests related to security data from the host device 20. Here, the registration request may include a request to allocate storage space for storing security data. In one embodiment, the storage space for storing security data may include at least one of a secure storage device (e.g., secure storage device 932) and an external storage device (e.g., external storage device 130).

[0110] In S1020, in response to receiving a registration request related to security data, the security manager can determine the current security mode of the storage device. In one embodiment, the security mode of the storage device may include an unauthenticated mode, an authenticated mode, a zeroing mode, a debug mode, and an abnormal mode, but this disclosure is not limited thereto. One or more of the above-mentioned security modes may not be included, or one or more additional security modes may be included.

[0111] In S1030, the security manager can determine whether access to the security management module (e.g., security management module 930) is permitted during a registration request based on the storage device's current security mode. In one embodiment, when the storage device's current security mode is determined to be one of unauthenticated mode, zeroing mode, debug mode, or anomaly mode, the security manager can determine that access to the security management module is not permitted. In one embodiment, when the storage device's current security mode is determined to be authenticated mode, the security manager can determine that access to the security management module is permitted.

[0112] In S1050, when it is determined that access to the security management module 930 is not permitted after receiving the registration request, the security manager may send a response to the registration request. For example, the response to the registration request may include a signal indicating that access to the security management module is not permitted, but this disclosure is not limited thereto.

[0113] In S1040, when access to the security management module 930 is granted after receiving a registration request, the security manager can allocate storage space for storing security data and register the start and end addresses in the security data address table. In one embodiment, when the allocated storage space is a specific storage area within the external storage device 130, the security manager can register the start and end addresses in the security data address table (e.g., ...). Figure 8The information regarding the external storage device 130 is registered in the diagram (shown in the diagram). This information may include indications that security data has been stored in the external storage device 130. For example, the information regarding the external storage device 130 may include indications that the external storage device 130 has been allocated. Subsequently, in S1050, the security manager may send a response to the registration request. For example, the response to the registration request may include a signal indicating that the allocation of storage space for storing security data has been completed, but this disclosure is not limited thereto.

[0114] refer to Figure 10 The flowcharts and descriptions are merely exemplary and may be constructed differently in some embodiments. For example, in some embodiments, the order of steps may be changed, some steps may be repeated, some steps may be skipped, or some steps may be added.

[0115] Figure 11 This is a flowchart illustrating an example of a method 1100 for performing a write operation related to secure data according to some embodiments of the present disclosure. In some embodiments, the method 1100 for performing a write operation related to secure data may be performed by a security manager of a security management module (e.g., Figure 1 The security manager 122 in the memory is implemented. In some embodiments, the method 1100 for performing write operations related to secure data may be implemented by a second processor core of the storage controller (e.g., Figure 9 The second processor core 920 is implemented in this manner. In the following description, the method 1100 for performing write operations related to secure data is implemented by the security manager, but the second processor core 920 may also implement the method 1100 for performing write operations related to secure data in a similar manner.

[0116] refer to Figure 11 In S1110, the security manager of the security management module can receive write requests related to security data. For example, the security manager can receive write requests related to security data from the storage controller. Or, for example, the security manager can receive write requests related to security data from the host device 20.

[0117] In S1120, in response to receiving a write request related to secure data, the security manager can determine the current security mode of the storage device 100. In one embodiment, the security mode of the storage device may include an unauthenticated mode, an authenticated mode, a zeroing mode, a debug mode, and an exception mode, but this disclosure is not limited thereto. One or more of the above-mentioned security modes may not be included, or one or more additional security modes may be included.

[0118] In S1130, the security manager can determine whether access to the security management module 930 is allowed during a write request based on the current security mode of the storage device 100. In one embodiment, when the current security mode of the storage device 100 is determined to be one of unauthenticated mode, zeroing mode, debug mode, and abnormal mode, the security manager can determine that access to the security management module is not allowed. In one embodiment, when the current security mode of the storage device is determined to be authenticated mode, the security manager can determine that access to the security management module is allowed.

[0119] In S1180, when it is determined that access to the security management module is not permitted during a write request, the security manager may send a response to the write request. For example, the response to the write request may include a signal indicating that access to the security management module is not permitted, but this disclosure is not limited thereto.

[0120] Referring again to S1130, in S1140, when it is determined that access to the security management module is permitted upon a write request, the security manager can retrieve the data from the security data address table (e.g., Figure 8 Address data is extracted from the external memory device 130 (as shown in the diagram). In one embodiment, the address data may include the start and end addresses of the storage space allocated for storing secure data, or the storage space where secure data has already been stored. In one embodiment, the address data may also include information indicating that the external memory device 130 has been allocated for storing secure data or that the external memory device 130 has already stored secure data.

[0121] In S1150, the security manager can determine whether the external storage device 130 has been allocated for storing security data based on the extracted address data. In other embodiments, the security manager can determine whether security data has been stored in the external storage device 130 based on the extracted address data. In S1160, the security manager can perform a write operation on the security storage device 932 based on the extracted address data if it is determined that the external storage device 130 has not been allocated, or it can choose not to perform a write operation on the external storage device 130. Therefore, a write operation (e.g., performing a write operation on the security storage device 932 or the external storage device 130) can be based on the determination that the external storage device 130 has been allocated, and if the external storage device 130 has not been allocated, a write operation is performed on the security storage device 932. Thereafter, in S1180, the security manager can send a response to the write request. For example, the response to the write request may include a signal that the write operation has been completed, but this disclosure is not limited thereto.

[0122] In S1170, once it is determined that the external memory device 130 has been allocated, the security manager can perform a write operation on the external memory device 130 based on the extracted address data. Then, in S1180, the security manager can send a response to the write request. For example, the response to the write request may include a signal that the write operation has been completed, but this disclosure is not limited thereto.

[0123] refer to Figure 11 The flowcharts and descriptions are merely exemplary and may be constructed differently in some embodiments. For example, in some embodiments, the order of steps may be changed, some steps may be repeated, some steps may be skipped, or some steps may be added.

[0124] Figure 12 This is a flowchart illustrating an example of a method 1200 for performing read operations related to secure data according to some embodiments of the present disclosure. In some embodiments, the method 1200 for performing read operations related to secure data may be performed by a security manager of a security management module (e.g., Figure 1 The security manager 122 in the memory is implemented. In some embodiments, the method 1200 for performing read operations related to security data may be implemented by a second processor core of the storage controller (e.g., Figure 9 The method 1200 for performing read operations related to security data is implemented by the security manager in the following description, but the second processor core 920 may also implement the method 1200 for performing read operations related to security data in a similar manner.

[0125] refer to Figure 12 In S1210, the security manager of the security management module can receive read requests related to security data. For example, the security manager can receive read requests related to security data from the storage controller. As another example, the security manager can receive read requests related to security data from the host device 20.

[0126] In S1220, in response to receiving a read request related to secure data, the security manager can determine the current security mode of the storage device 100. In one embodiment, the security mode of the storage device may include an unauthenticated mode, an authenticated mode, a zeroing mode, a debug mode, and an abnormal mode, but this disclosure is not limited thereto. One or more of the above-mentioned security modes may not be included, or one or more additional security modes may be included.

[0127] In S1230, the security manager can determine whether access to the security management module 930 is allowed during a read request based on the current security mode of the storage device 100. In one embodiment, when the current security mode of the storage device is determined to be an unauthenticated mode or an abnormal mode, the security manager can determine that access to the security management module is not allowed. In one embodiment, when the current security mode of the storage device is determined to be one of an authenticated mode, a zeroing mode, and a debug mode, the security manager can determine that access to the security management module is allowed.

[0128] In S1280, when it is determined that access to the security management module is not permitted during a read request, the security manager may send a response to the read request. For example, the response to the read request may include a signal indicating that access to the security management module is not permitted, but this disclosure is not limited thereto.

[0129] Referring again to S1230, in S1240, when it is determined that access to the security management module is permitted upon a read request, the security manager can retrieve the data from the security data address table (e.g., Figure 8 Address data is extracted from the external memory device 130 (as shown). In one embodiment, the address data may include the start and end addresses of the storage space where the security data has already been stored. In another embodiment, the address data may also include information indicating that the external memory device 130 has stored the security data.

[0130] In S1250, the security manager can determine whether the security data has been stored in the external memory device 130 based on the extracted address data. In S1260, when it is determined that the security data has not yet been stored in the external memory device 130, the security manager can load the security data from the security memory device 932 into the security data buffer 934. The security manager can read the security data loaded into the security data buffer 934. Then, in S1280, the security manager can send a response to the read request. For example, the response to the read request may include at least one of the security data that has been read and a signal that the read operation has been completed, but this disclosure is not limited thereto. In one embodiment, the read security data may be sent to the host device 20 after undergoing a separate decryption process.

[0131] In one embodiment, when the current security mode of the storage device is debug mode, the security manager may not access the secure memory device 932; however, it may instead access the secure data buffer 934. In debug mode, the secure data buffer 934 can remain initialized, so the security manager can read initialized or invalid data when performing a read operation on the secure data buffer 934.

[0132] Referring again to S1250, in S1270, when it is determined that secure data has been stored in external memory device 130, the security manager can load the secure data from external memory device 130 into secure data buffer 934. The security manager can read the secure data loaded into secure data buffer 934. The security manager can then send a response to the read request. For example, the response to the read request may include at least one of the secure data that has been read and a signal that the read operation has been completed, but this disclosure is not limited thereto. In one embodiment, the secure data that has been read may be sent to host device 20 after a separate decryption process by the storage controller. Therefore, the read operation may be based on the determination that secure data has been stored in external memory device 130, and if the secure data has not yet been stored in external memory device 130, a read operation is performed on the secure data stored in secure memory device 932.

[0133] refer to Figure 12 The flowcharts and descriptions are merely exemplary and may be constructed differently in some embodiments. For example, in some embodiments, the order of steps may be changed, some steps may be repeated, some steps may be skipped, or some steps may be added.

[0134] Figure 13 Examples of how the security mode of a storage device is switched according to some embodiments of this disclosure are shown. References Figure 13 The security modes of storage devices may include unauthenticated mode 1310, authenticated mode 1320, zeroing mode 1330, debug mode 1340 and abnormal mode 1350.

[0135] refer to Figure 13 The security mode of the storage device can be switched from unauthenticated mode 1310 to one of the following modes: authentication mode 1320, debug mode 1340, and exception mode 1351, via S1312, S1341, and S1351. Unauthenticated mode 1310 can indicate that authentication by the security management module has not yet been performed. In the normal state where the storage device is initialized or has not yet performed the authentication process, unauthenticated mode 1310 can be activated as the default mode.

[0136] In S1312, when the authentication process for the subject that sent the command related to secure data has been successfully completed, the security mode of the storage device can switch from unauthenticated mode 1310 to authenticated mode 1320. For example, to switch from unauthenticated mode 1310 to authenticated mode 1320, the subject can first send a command, where the subject can be a host device 20, etc. The storage controller can receive the command from the subject, and based on the received command, the storage controller can use an encryption / decryption engine to compare the hash value of the digital signature or authentication token, or can use a symmetric key or an asymmetric key to perform the authentication process. Then, the security mode of the storage device 100 can switch from unauthenticated mode 1310 to authenticated mode 1320. However, this disclosure is not limited to this, and the authentication process can be performed in various ways.

[0137] In one embodiment, the storage controller may, in response to receiving a command related to security data from the host device 20, verify whether the host device 20 or a subject attempting to access the storage device through the host device 20 can be trusted. When the storage controller has approved the authentication, it may send a signal to the security management module indicating that the authentication has been approved. In response to receiving the approved authentication signal, the security manager may switch the storage device's current security mode from unauthenticated mode 1310 to authenticated mode 1320.

[0138] In S1314, when operations related to secure data have been completed, the security mode of storage device 100 can switch from authenticated mode 1320 to unauthenticated mode 1310. For example, when the security manager has allocated a storage area for storing secure data, completed the operation of writing secure data to the allocated storage area, or completed the operation of reading secure data stored in the storage area, the security mode of storage device 100 can switch from authenticated mode 1320 to unauthenticated mode 1310.

[0139] In other embodiments, at S1314, when a series of operations related to secure data have been completed according to the session-based method, the security mode of the storage device can switch from authenticated mode 1320 to unauthenticated mode 1310. For example, when the security manager allocates a storage area for storing secure data during a specific session and immediately performs the operation of writing secure data to the storage area, the security mode of the storage device can switch from authenticated mode 1320 to unauthenticated mode 1310 at the end of the session and after the operation of writing secure data to the storage area is completed. However, this disclosure is not limited thereto.

[0140] In one embodiment, the security manager may switch the current security mode of the storage device from authenticated mode 1320 to unauthenticated mode 1310 in response to the completion of at least one of a read operation and a write operation on at least one of the secure storage device (e.g., secure storage device 124 or secure storage device 932) and the external storage device 130. In one embodiment, the security manager may allocate a storage area for storing secure data and store the start address and end address corresponding to the storage area in a secure data address table (e.g., ...). Figure 8 The operation shown in the diagram is completed, and the current security mode of the storage device is switched from certified mode 1320 to uncertified mode 1310.

[0141] In S1322, when the authenticated principal or host device 20 has sent a command for initializing security data, the security mode of the storage device can switch from authentication mode 1320 to zero-based mode 1330. For example, when the storage controller has received an initialization command from the authenticated principal, the security mode of the storage device can switch from authentication mode 1320 to zero-based mode 1330. However, this disclosure is not limited thereto.

[0142] In one embodiment, the storage controller may receive a command from the host device 20 for initializing security data. In response to receiving the initialization command from the host device 20, the storage controller may verify whether the host device 20 can be trusted. When the authentication request from the host device 20 has been approved, the storage controller may send an initialization signal to the security management module. In response to receiving the initialization signal, the security manager may switch the current security mode of the storage device from authentication mode 1320 to zeroing mode 1330. In one embodiment, the security manager may initialize or invalidate (e.g., zero out) data stored in the secure memory device, secure data buffer, secure data address table, and external memory device after switching the current security mode of the storage device to zeroing mode 1330.

[0143] When debugging the storage device, the security mode of the storage device can be switched from any of the unauthenticated mode 1310, authenticated mode 1320, and zero-reset mode 1330 to debug mode 1340 via S1341, S1342, and S1343. For example, when the debug port has been activated or a vendor-unlocked state (VU unlock) has been identified, the security mode of the storage device can be switched from any of the unauthenticated mode 1310, authenticated mode 1320, and zero-reset mode 1330 to debug mode 1340 when the storage controller receives a specific debug command. As another example, the security mode of the storage device can also be switched to debug mode 1340 when an authentication procedure for debugging has been performed in response to a manufacturer's debugging request or when a specific authentication key or token used to start a debugging session has been verified. However, this disclosure is not limited to these, and the security mode of the storage device can be switched to debug mode 1340 under various conditions.

[0144] In one embodiment, the storage controller can monitor how the storage device is being debugged and send a debug signal to the security management module based on the monitoring results. In response to receiving the debug signal, the security manager can switch the storage device's current security mode to debug mode 1340. In one embodiment, when switching the storage device's current security mode to debug mode 1340, the security manager can initialize or invalidate security data stored in the security data buffer.

[0145] When the storage device is no longer being debugged, its security mode can be switched from debug mode 1340 to its original security mode among unauthenticated mode 1310, authenticated mode 1320, and zeroing mode 1330 via S1344, S1345, and S1346. For example, when the debug port has been disabled or the debug authentication key or token has expired after the debug session terminates, the storage device's security mode can be switched from debug mode 1340 to its original security mode. The original security mode is the security mode of the storage device at the last moment before it was switched to debug mode 1340. Therefore, if the storage device's security mode was initially in unauthenticated mode 1310 before being switched to debug mode 1340 via S1341, the original security mode is unauthenticated mode 1310, and when the storage device is no longer being debugged, its security mode can be switched back from debug mode 1340 to unauthenticated mode 1310 via S1344. Similarly, if the storage device's security mode was initially in authentication mode 1320 before being switched to debug mode 1340 in S1342, the original security mode is authentication mode 1320, and when the storage device is no longer being debugged, the storage device's security mode can be switched back from debug mode 1340 to authentication mode 1320 in S1345. Likewise, if the storage device's security mode was initially in zeroing mode 1330 before being switched to debug mode 1340 in S1343, the original security mode is zeroing mode 1340, and when the storage device is no longer being debugged, the storage device's security mode can be switched back from debug mode 1340 to zeroing mode 1330 in S1346. For example, when the debug request is withdrawn after the manufacturer's debugging work is completed, the storage device's security mode can also be switched from debug mode 1340 to the original security mode. However, this disclosure is not limited to this, and the storage device's security mode can be switched from debug mode 1340 to the original security mode under various conditions.

[0146] In one embodiment, the storage controller can monitor how the storage device is being debugged and send a signal to the security management module indicating that debugging has ended based on the monitoring results. Upon receiving the signal indicating that debugging has ended, the security manager can switch the storage device's current security mode back to the original security mode 1340 that it was in before being switched to debug mode.

[0147] When the storage device is in a faulty state or a security threat is detected, the storage device's security mode can switch to anomaly mode 1350 via S1351, S1352, and S1353 from one of the unauthenticated mode 1310, authenticated mode 1320, and zeroing mode 1330. For example, when the storage controller has detected a physical or logical error in the storage device itself and therefore cannot continue normal operation (device failure) or authentication fails due to non-compliance with the Federal Information Processing Standard (FIPS) certification requirements (FIPS failure), the storage device's security mode can switch to anomaly mode 1350 from any of the unauthenticated mode 1310, authenticated mode 1320, and zeroing mode 1330. Furthermore, when an abnormal operation from an external source is detected, such as when an abnormal situation occurs that the CPU cannot handle (CPU error) or when a fault injection attack on the memory or computing device is detected, the storage device's security mode can switch to anomaly mode 1350. Additionally, when a cryptographic hardware failure is detected or an unexpected situation such as data integrity corruption occurs, the storage device's security mode can also switch to anomaly mode 1350. However, this disclosure is not limited thereto, and the safe mode of the storage device can be switched to abnormal mode 1350 under various conditions.

[0148] In one embodiment, the storage controller can monitor whether the storage device is in an abnormal state and, based on determining that the storage device is in an abnormal state, send a signal indicating that the storage device is in an abnormal state to the security management module. In response to receiving this signal, the security manager can switch the storage device's current security mode from one of the unauthenticated mode 1310, the authenticated mode 1320, and the zeroing mode 1330 to the abnormal mode 1350. In one embodiment, when the storage device's current security mode has been switched to the abnormal mode 1350, the security manager can initialize or invalidate data stored in the secure storage device, the secure data buffer, and the secure data address table.

[0149] In S1354, when the storage device has returned to a normal state, the security mode of the storage device can switch from abnormal mode 1350 to unauthenticated mode 1310. For example, when the storage device returns to a normal state through a power cycle or when device formatting has been performed on the storage device, the security mode of the storage device can switch from abnormal mode 1350 to unauthenticated mode 1310. However, this disclosure is not limited to this, and the security mode of the storage device can switch from abnormal mode 1350 to unauthenticated mode 1310 under various conditions.

[0150] In one embodiment, the storage controller can monitor whether the storage device has returned to a normal state and, based on determining that the storage device has returned to a normal state, send a signal to the security management module indicating that the storage device has returned to a normal state. In response to receiving the signal indicating that the storage device has returned to a normal state, the security manager can switch the current security mode of the storage device from abnormal mode 1350 to unauthenticated mode 1310.

[0151] Figure 14 This is a flowchart illustrating an example of a method 1400 for switching security modes according to some embodiments of the present disclosure. In some embodiments, the method 1400 for switching security modes may be performed by a security manager of a security management module (e.g., Figure 1 The security manager 122 in the memory is responsible for implementing this. In some embodiments, the method 1400 for switching security modes may be implemented by a second processor core of the storage controller (e.g., ...). Figure 9 The second processor core 920 implements the method 1400 for switching safe modes. In the following description, the method 1400 for switching safe modes is implemented by the security manager, but the second processor core 920 may also implement the method 1400 for switching safe modes in a similar manner.

[0152] refer to Figure 14 In S1410, the security manager of the security management module can receive an initialization signal. For example, the security manager can receive an initialization signal from the storage controller. The storage controller can, in response to receiving an initialization command from the host device 20, verify whether the host device 20 or the subject accessed through the host device 20 can be trusted. When the authentication request from the host device 20 has been approved, the storage controller can send an initialization signal to the security management module.

[0153] In S1420, the security manager can switch the current security mode of the storage device to zero-level mode in response to receiving an initialization signal. In one embodiment, the security manager can switch the current security mode of the storage device from authentication mode to zero-level mode in response to receiving an initialization signal.

[0154] In S1430, after switching the current security mode of the storage device to zero-level mode, the security manager can initialize or invalidate (e.g., zero out) the data stored in the security memory device, security data buffer, security data address table, and external memory device. Then, in S1440, the security manager can send a response to an initialization signal. For example, the response to the initialization signal may include a signal indicating that the initialization of the security data has been completed, but this disclosure is not limited thereto.

[0155] refer to Figure 14The flowcharts and descriptions are merely exemplary and may be constructed differently in some embodiments. For example, in some embodiments, the order of steps may be changed, some steps may be repeated, some steps may be skipped, or some steps may be added.

[0156] Figure 15 This is a flowchart illustrating an example of a method 1500 for switching security modes according to some embodiments of the present disclosure. In some embodiments, the method 1500 for switching security modes may be performed by a security manager of a security management module (e.g., Figure 1 The security manager 122 in the memory is responsible for implementing the method 1500 for switching security modes. In some embodiments, the method 1500 for switching security modes may be implemented by the second processor core of the storage controller (e.g., Figure 9 The second processor core 920 implements the method 1500 for switching safe modes. In the following description, the method 1500 for switching safe modes is implemented by the security manager, but the second processor core 920 may also implement the method 1500 for switching safe modes in a similar manner.

[0157] refer to Figure 15 In S1510, the security manager of the security management module can receive debugging signals. For example, the security manager can receive debugging signals from the storage controller. The storage controller can monitor how the storage device is being debugged and send debugging signals to the security management module based on the monitoring results.

[0158] In S1520, the security manager can switch the current security mode of the storage device to debug mode in response to receiving a debug signal. In one embodiment, the security manager can switch the current security mode of the storage device to debug mode from unauthenticated mode, authenticated mode, and zero-based mode in response to receiving a debug signal.

[0159] In S1530, after switching the storage device's current security mode to debug mode, the security manager can initialize or invalidate the data stored in the security data buffer. Then, in S1540, the security manager can send a response to a debug signal. For example, the response to a debug signal may include a signal indicating that the initialization of the security data buffer has been completed, but this disclosure is not limited thereto.

[0160] In addition, the security manager can receive a signal from the storage controller indicating that debugging has ended, and in response, switch the storage device's current security mode back to the mode it was in before being switched to debug mode (e.g., the original security mode described herein). The storage controller can monitor how the storage device is being debugged and send a signal indicating that debugging has ended to the security management module based on the monitoring results.

[0161] refer to Figure 15The flowcharts and descriptions are merely exemplary and may be constructed differently in some embodiments. For example, in some embodiments, the order of steps may be changed, some steps may be repeated, some steps may be skipped, or some steps may be added.

[0162] Figure 16 This is a flowchart illustrating an example of a method 1600 for switching security modes according to some embodiments of the present disclosure. In some embodiments, the method 1600 for switching security modes may be provided by a security manager of a security management module (e.g., Figure 1 The security manager 122 in the memory is responsible for implementing this. In some embodiments, the method 1600 for switching security modes may be implemented by a second processor core of the storage controller (e.g., Figure 9 The second processor core 920 implements the method 1600 for switching safe modes. In the following description, the method 1600 for switching safe modes is implemented by the security manager, but the second processor core 920 may also implement the method 1600 for switching safe modes in a similar manner.

[0163] refer to Figure 16 In S1610, the security manager of the security management module can receive abnormal status signals. For example, the security manager can receive abnormal status signals from the storage controller. The storage controller can monitor whether the storage device is in an abnormal state and, based on determining that the storage device is in an abnormal state, send an abnormal status signal indicating that the storage device is in an abnormal state to the security management module.

[0164] In S1620, the security manager can switch the current security mode of the storage device to an abnormal mode in response to receiving an abnormal status signal. In one embodiment, the security manager can switch the current security mode of the storage device to an abnormal mode from unauthenticated mode, authenticated mode, and zeroing mode in response to receiving an abnormal status signal.

[0165] In S1630, after switching the storage device's current security mode to an abnormal mode, the security manager can initialize or invalidate (e.g., zero out) the data stored in the secure memory device, secure data buffer, and secure data address table. Then, in S1640, the security manager can send a response to an abnormal state signal. For example, the response to an abnormal state signal may include a signal indicating that the initialization of secure data has been completed, but this disclosure is not limited thereto.

[0166] Furthermore, after the security data is initialized, the security manager can receive a normal status signal from the storage controller and, in response, switch the storage device's current security mode back to its original security mode before it was switched to the abnormal mode. The storage controller can monitor whether the storage device has recovered to a normal state and, based on this determination, send a normal status signal to the security management module.

[0167] refer to Figure 16 The flowcharts and descriptions are merely exemplary and may be constructed differently in some embodiments. For example, in some embodiments, the order of steps may be changed, some steps may be repeated, some steps may be skipped, or some steps may be added.

[0168] Figure 17 This is a view illustrating a method of operation of a storage system according to some embodiments of the present disclosure. In the following, descriptions that are repeated above will be skipped or summarized.

[0169] refer to Figure 17 In S1701, host device 20 can send commands related to security data to storage controller 110. Commands related to security data may include requests for allocation of storage space to store security data (e.g., ...). Figure 10 Information for (registration operations), used to request reading secure data (e.g., Figure 12 Information for (read operations) or for requesting to write secure data (e.g., Figure 11 This disclosure includes information on write operations, but is not limited thereto.

[0170] In S1702, in response to receiving a command related to security data from host device 20, storage controller 110 may perform an authentication process on host device 20 and determine whether the authentication has been approved. In one embodiment, as part of the authentication process, in response to receiving a command related to security data from host device 20, storage controller 110 may verify whether the subject attempting to access the storage device through host device 20 can be trusted. In S1703, when the authentication request from host device 20 is not approved, storage controller 110 may send an authentication failure signal to host device 20. When the authentication request from host device 20 is not approved, at least some of the remaining steps S1704 to S1713 may not be performed. In S1704, when the authentication request from host device 20 is approved, storage controller 110 may send an authentication approval signal to security manager 122.

[0171] In S1705, in response to receiving an authentication approval signal from the storage controller 110, the security manager 122 can switch the current security mode of the storage device to the authentication mode.

[0172] After switching the current security mode to authentication mode in S1705, in S1706, the storage controller 110 may send a security mode-related signal to the security manager 122. In one embodiment, the security mode-related signal may include any one of an initialization signal, a debugging signal, and an abnormal status signal. In S1707, in response to receiving the security mode-related signal from the storage controller 110, the security manager 122 may switch the current security mode of the storage device to the mode associated with the received signal. For example, if the security mode-related signal includes an initialization signal, the current security mode may switch to initialization mode; or if the security mode-related signal includes a debugging signal, the current security mode may switch to debugging mode; or if the security mode-related signal includes an abnormal status signal, the current security mode may switch to abnormal mode.

[0173] In S1708, the storage controller 110 may send commands related to security data to the security manager 122. In S1709, in response to receiving commands related to security data from the storage controller 110, the security manager 122 may determine the current security mode of the storage device. Furthermore, in S1710, based on the current security mode of the storage device, the security manager 122 may determine whether access to security data is permitted.

[0174] In S1711, when the security manager 122 determines that access to secure data can be permitted, the security manager 112 can perform operations related to the received command. In one embodiment, the security manager 122 can access at least one of a secure storage device, a secure data buffer, a secure data address table, and an external storage device to perform operations related to the received command. The received command may be, for example, a read command, a write command, etc. In one embodiment, after performing operations related to the received command, the security manager 122 can switch the security mode of the storage device from an authenticated mode to an unauthenticated mode.

[0175] Subsequently, in S1712, the security manager 122 may send a response to the storage controller 110 including the result of the operation. Here, the response including the result of the operation may include at least one of the following: a signal indicating that the allocation of storage space for storing security data has been completed, a signal indicating that the operation of writing security data has been completed, security data that has been read, and a signal indicating that the operation of reading security data has been completed, but this disclosure is not limited thereto.

[0176] When the security manager 122 determines that access to secure data is not permitted, the security manager 112 may send a response including an access denied signal to the storage controller 110 in S1712.

[0177] Then, in S1713, the storage controller 110 may send a response to the command to the host device 20 based on the response received from the security manager 122. In one embodiment, the response to the command may include a response containing the result of performing the operation when the requested operation has already been performed, and the response to the command may include a response containing an access denied signal when the requested operation has not been performed.

[0178] exist Figure 17 In this embodiment, S1701 to S1705 related to the authentication process are executed before S1706 to S1707 related to the security mode switching, but this disclosure is not limited thereto. Instead, in some embodiments, S1701 to S1705 related to the authentication process may be executed after S1706 to S1707 related to the security mode switching, or at least some of S1701 to S1705 related to the authentication process and at least one of S1707 to S1707 related to the security mode switching may be executed in parallel. Furthermore, depending on the state of the storage device, S1706 to S1707 related to the security mode switching may be skipped.

[0179] In some embodiments, the above has been referenced Figure 17 The operations described by the security manager 122 can also be performed by the second processor core of the storage controller 110 (e.g., Figure 9 The second processor core (920) is implemented.

[0180] Figure 18 This is a block diagram illustrating an example of how a storage system according to an embodiment of the present disclosure is applied to an SSD system 1800.

[0181] refer to Figure 18 The SSD system 1800 may include a host device 1810 and an SSD 1820. The SSD 1820 can exchange signals (SIG) with the host device 1810 via a signal connector and can receive power (PWR) via a power connector. The SSD 1820 may include an SSD controller 1821, an auxiliary power supply 1822, and memory devices (1823_1, 1823_2, ..., 1823_n, where n is a natural number equal to or greater than 2). Here, the SSD controller 1821 can exchange commands, addresses, data, etc., with each memory device (1823_1, 1823_2, ..., 1823_n, where n is a natural number equal to or greater than 2) through each channel (Ch1, Ch2, ..., Chn, where n is a natural number equal to or greater than 2).

[0182] In one embodiment, the storage devices (1823_1, 1823_2, ..., 1823_n) can be vertically stacked NAND flash memory devices. In this case, it can be achieved by applying... Figures 1 to 17 The illustrated embodiment forms the SSD 1820. Specifically, the SSD controller 1821 included in the SSD 1820 may include a security management module 1824 designed to manage secure data. The security management module 1824 can manage the security mode of the SSD 1820, control access to the SSD 1820 based on its current security mode, and perform operations related to secure data.

Claims

1. A storage device, the storage device comprising: Memory devices; and The storage controller includes a security management module for managing secure data on the storage device. The security management module includes: A security manager configured to: receive commands related to the security data; determine the current security mode of the storage device in response to receiving the commands; and control access to the security data based on the current security mode, wherein the current security mode includes one of a first security mode, a second security mode, and a third security mode, wherein in the first security mode the security manager is configured to allow access to the security data, in the second security mode the security manager is configured to allow restricted access to the security data, and in the third security mode the security manager is configured to block access to the security data.

2. The storage device as claimed in claim 1, wherein, The security management module further includes: a security storage device and a security data buffer. The security storage device is configured to store at least some of the security data, and the security data buffer is configured to temporarily store first security data read from the security storage device, wherein the first security data is a portion of the security data stored in the security storage device. The security manager is configured to read the first security data temporarily stored in the security data buffer when a read operation is performed on the security storage device.

3. The storage device according to claim 2, wherein, The third security mode of the storage device includes an unauthenticated mode, and In response to determining that the current security mode is the unauthenticated mode, the security manager blocks access to the security data.

4. The storage device according to claim 3, wherein, The first security mode includes authentication mode. The storage controller is configured to determine whether to approve an authentication request from the host device, and in response to approval of the authentication request, to send an authentication approval signal to the security management module. The security manager is configured to switch the current security mode from the unauthenticated mode to the authenticated mode in response to receiving the authentication approval signal, and the security manager is configured to allow at least one of a read operation or a write operation to be performed on the secure storage device in response to determining that the current security mode is the authenticated mode.

5. The storage device according to claim 4, wherein, The security manager is configured to switch the current security mode from the authenticated mode to the unauthenticated mode in response to the completion of at least one of a read operation or a write operation on the secure storage device.

6. The storage device according to claim 4, wherein, The second security mode includes zeroing mode. The storage controller is configured to send an initialization signal to the security management module in response to an initialization request from the host device, and The security manager is configured to: in response to receiving the initialization signal, switch the current security mode from the authentication mode to the zeroing mode, and in response to determining that the current security mode is the zeroing mode, initialize the security data stored in each of the security memory device and the security data buffer.

7. The storage device according to claim 6, wherein, The security manager is configured to, in response to determining that the current security mode is the zero-mode, allow read operations on the secure memory device and prevent write operations on the secure memory device.

8. The storage device according to claim 2, wherein, The second security mode of the storage device includes a debug mode. The storage controller is configured to monitor the debugging status of the storage device and send debugging signals to the security management module based on the monitored debugging status. The security manager is configured to switch the current security mode to the debug mode in response to receiving the debug signal, and the security manager is configured to initialize the first security data stored in the security data buffer in response to determining that the current security mode is the debug mode.

9. The storage device according to claim 8, wherein, The security manager is configured to allow read operations on the secure data buffer and prevent write operations on the secure memory device in response to determining that the current security mode is the debug mode.

10. The storage device according to claim 2, wherein, The third security mode of the storage device includes an anomaly mode. The storage controller is configured to monitor whether the storage device is in an abnormal state, and based on determining that the storage device is in the abnormal state, send an abnormal state signal indicating that the storage device is in the abnormal state to the security management module. The security manager is configured to switch the current security mode to the abnormal mode in response to receiving the abnormal status signal, and the security manager is configured to initialize the security data stored in each of the security storage device and the security data buffer in response to determining that the current security mode is the abnormal mode.

11. The storage device according to claim 10, wherein, The security manager is configured to prevent read and write operations from being performed on the secure storage device in response to determining that the current security mode is the abnormal mode.

12. The storage device according to claim 2, wherein, The security management module also includes a security data address table for managing the address data of the security data. This security data address table is managed by the security manager. The security manager stores the start and end addresses of the security data in the security data address table.

13. The storage device of claim 12, further comprising an external storage device storing some of the security data, wherein, The external storage device is separate from the security management module, and the external storage device is configured to be accessed by the security manager, wherein... The security manager is configured to store information indicating that the security data has been stored in the external storage device in the security data address table. The secure data buffer is configured to temporarily store second secure data read from the external memory device, wherein the second secure data is a portion of the secure data stored on the external memory device. The security manager is configured to read the second security data temporarily stored in the security data buffer when a read operation is performed on the external storage device.

14. A storage device, the storage device comprising: Memory devices; and A storage controller includes: a first processor core for controlling non-security-related operations of the storage device; a second processor core for controlling secure operations of the storage device; and a security management module configured to be accessed by the second processor core. The security management module includes a security storage device and a security data buffer. The security storage device is configured to store at least some security data from the security data in the storage device. The security data buffer is configured to temporarily store first security data read from the security storage device, wherein the first security data is a portion of the security data stored in the security storage device. The second processor core is configured to: receive a command related to the security data; determine the current security mode of the storage device in response to receiving the command related to the security data; and determine, based on the current security mode, whether to perform an operation related to the secure storage device. The second processor core is configured to read the first secure data temporarily stored in the secure data buffer when performing a read operation on the secure memory device.

15. The storage device according to claim 14, wherein, One of the security modes of the storage device is an unauthenticated mode, and The second processor core is configured to prevent operation on the secure memory device in response to determining that the current security mode is the unauthenticated mode.

16. The storage device according to claim 15, wherein, One of the security modes is the authentication mode, and The second processor core is configured to: determine whether to approve an authentication request from the host device; And in response to the approval of the authentication request, the current security mode is switched to the authentication mode; And in response to determining that the current security mode is the authentication mode, allowing at least one of a read operation or a write operation to be performed on the secure memory device.

17. The storage device according to claim 16, wherein, One of the security modes is the zero-based mode. The first processor core is configured to: in response to an initialization request from the host device, send an initialization signal to the second processor core, and The second processor core is configured to: in response to receiving the initialization signal, switch the current security mode from the authentication mode to the zeroing mode, and in response to determining that the current security mode is the zeroing mode, initialize the security data stored in each of the security memory device and the security data buffer.

18. The storage device according to claim 14, wherein, One of the security modes is debug mode. The first processor core is configured to: monitor the debug status of the storage device, and send a debug signal to the second processor core based on the monitored debug status; The second processor core is configured to switch the current security mode to the debug mode in response to receiving the debug signal, and the second processor core is configured to initialize the first security data stored in the security data buffer in response to determining that the current security mode is the debug mode.

19. The storage device according to claim 14, wherein, One of the security modes is the abnormal mode. The first processor core monitors whether the storage device is in an abnormal state, and the first processor core is configured to send an abnormal state signal indicating that the storage device is in the abnormal state to the second processor core based on determining that the storage device is in the abnormal state. The second processor core is configured to switch the current security mode to the abnormal mode in response to receiving the abnormal state signal, and the second processor core is configured to initialize the security data stored in each of the security memory device and the security data buffer in response to determining that the current security mode is the abnormal mode.

20. A storage device, the storage device comprising: Memory devices; and A storage controller includes: a first processor core for controlling non-security-related operations of the storage device; a second processor core for controlling secure operations of the storage device; and a security management module configured to be accessed by the second processor core. The security management module includes: A secure storage device, the secure storage device being configured to store a first portion of secure data from the storage device; An external memory device configured to store a second portion of the secure data, wherein the external memory device is configured to be accessed by the second processor core; and A secure data buffer, configured to temporarily store secure data read from the secure memory device or the external memory device. The current security mode of the storage device includes one of the following: unauthenticated mode, authenticated mode, zeroing mode, debug mode, and abnormal mode. The second processor core is configured to: receive commands related to the security data; determine the current security mode of the storage device in response to receiving the commands related to the security data; and control access to the secure memory device and the external memory device based on the determined current security mode. The second processor core is configured to read the secure data temporarily stored in the secure data buffer when performing a read operation on the secure memory device or the external memory device.