Data protection method of flash memory device and flash memory device
By decrypting and verifying the encrypted data on the storage device, and combining this with the initialization strategy of the TCG protocol stack, the problems of easy leakage of security configuration information and data inconsistency in the TCG-OPAL protocol are solved, thereby improving data security and consistency.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- DAPUSTOR CORP
- Filing Date
- 2024-12-10
- Publication Date
- 2026-06-12
Smart Images

Figure CN122197100A_ABST
Abstract
Description
Technical Field
[0001] This application relates to the field of data transmission security technology, and in particular to a data protection method for flash memory devices and a flash memory device. Background Technology
[0002] In modern storage devices, the security of sensitive information and controlled user data is paramount. To ensure data confidentiality and integrity, many storage devices employ the TCG-OPAL protocol defined by the Trusted Computing Group (TCG). This protocol specifies the data structures and functions for various security configuration information, primarily used to manage security measures such as device access control, authentication, and key management.
[0003] However, although the TCG-OPAL protocol defines the data structure and function of secure configuration information, many storage devices still store and access this information in plaintext, which poses a risk of information leakage during access. If an unauthorized attacker gains access to this secure configuration information, they could impersonate a legitimate user, obtain controlled data, or even maliciously tamper with or leak data. Furthermore, the TCG-OPAL protocol requires user business data to be encrypted before being written to the storage medium and decrypted upon retrieval; however, in practice, inconsistencies still exist between decrypted and unencrypted data. Therefore, existing technical solutions have room for improvement in terms of data confidentiality, consistency, and performance optimization. Summary of the Invention
[0004] Based on the above problems, this application provides a data protection method and a flash memory device, with the aim of reducing the risk of security configuration information leakage and improving the security of security configuration information and target business data in the flash memory device.
[0005] In a first aspect, embodiments of this application provide a data protection method for a flash memory device, wherein the flash memory device stores encrypted target data, the target data including security configuration information and user service data, the security configuration information being used to initialize a TCG protocol stack, and the method comprising:
[0006] Obtain the encrypted target data and decrypt the encrypted target data;
[0007] Verify the decrypted target data and obtain the verification result;
[0008] The initialization strategy of the TCG protocol stack is determined based on the verification result of the security configuration information, so that the flash memory device can perform security protection on the target data based on the initialized TCG protocol stack.
[0009] In one embodiment, the method for generating the encrypted target data includes:
[0010] The target data is processed based on a preset verification algorithm to generate target data feature values corresponding to the target data;
[0011] The target data and its feature values are encrypted using a preset encryption algorithm to obtain the encrypted target data.
[0012] In one embodiment, the step of obtaining the encrypted target data and decrypting the encrypted target data includes:
[0013] The encrypted target data is obtained, and the encrypted target data is decrypted according to a preset decryption algorithm to obtain the decrypted target data and target data feature values.
[0014] In one embodiment, verifying the decrypted target data to obtain a verification result includes:
[0015] The first verification information corresponding to the target data is determined according to the type of the preset verification algorithm;
[0016] The decrypted target data is processed based on the preset verification algorithm to generate second verification information corresponding to the decrypted target data.
[0017] The first verification information is compared with the second verification information to obtain the verification result.
[0018] In one embodiment, determining the initialization strategy of the TCG protocol stack based on the verification result of the security configuration information includes:
[0019] If the verification result of the security configuration information indicates that the first verification information and the second verification information are the same, then the decrypted security configuration information is determined to be valid, and the TCG protocol stack is initialized according to the decrypted security configuration information.
[0020] If the verification result of the security configuration information indicates that the first verification information and the second verification information are different, then the decrypted security configuration information is determined to be invalid, and the corresponding initialization strategy is executed according to the state of the flash memory device.
[0021] In one embodiment, the flash memory device further stores default security configuration information, and the step of executing the corresponding initialization strategy according to the state of the flash memory device includes:
[0022] If the flash memory device is in factory reset state, the TCG protocol stack is initialized according to the default security configuration information;
[0023] If the flash memory device is not in factory reset state, a security configuration information missing error will be output.
[0024] In one embodiment, the method further includes:
[0025] Determine the type of service request issued by the host;
[0026] If the type of the business request is a user business data write request or a security configuration information setting request, then the data to be written in the business request is parsed and the data to be written is calculated based on a preset verification algorithm to generate a data feature value corresponding to the data to be written.
[0027] The data to be written and its feature values are encrypted using a preset encryption algorithm to obtain encrypted data to be written and then written to a non-volatile storage medium.
[0028] If the type of the service request is a user service data read request or a security configuration information acquisition request, then based on the service request, the encrypted data to be read is read from the non-volatile storage medium, and the encrypted data to be read is decrypted.
[0029] The decrypted data to be read is verified. If the verification passes, the decrypted data to be read is returned to the host. If the verification fails, a non-volatile storage medium error is output.
[0030] In one embodiment, the decryption operation includes a decryption operation implemented at the host sector level.
[0031] In one embodiment, the encryption operation includes encryption operations implemented at the host sector level.
[0032] Secondly, embodiments of this application also provide a data protection device for a flash memory device, wherein the flash memory device stores encrypted target data, the target data including security configuration information and user service data, the security configuration information being used to initialize the TCG protocol stack; the device includes:
[0033] A decryption unit is used to obtain the encrypted target data and perform a decryption operation on the encrypted target data;
[0034] The verification unit is used to verify the decrypted target data and obtain the verification result.
[0035] The determining unit is used to determine the initialization strategy of the TCG protocol stack based on the verification result of the security configuration information, so that the flash memory device can perform security protection on the target data based on the initialized TCG protocol stack.
[0036] Thirdly, embodiments of this application also provide a flash memory device, including:
[0037] Central processing unit, memory, input / output interfaces;
[0038] The memory is either a short-term storage memory or a persistent storage memory;
[0039] The central processing unit is configured to communicate with the memory and execute instructions in the memory to perform any of the above-described data protection methods for the flash memory device.
[0040] As can be seen from the above technical solutions, the embodiments of this application have the following advantages:
[0041] This application embodiment obtains encrypted target data and decrypts it; verifies the decrypted target data to obtain a verification result; and determines the initialization strategy of the TCG protocol stack based on the verification result of the security configuration information, so that the flash memory device can provide security protection for the target data based on the initialized TCG protocol stack. This application embodiment utilizes encryption and decryption mechanisms to protect security configuration information, and combines this with a verification mechanism to ensure the integrity of the security configuration information, significantly reducing the risk of security configuration information leakage, preventing unauthorized users from tampering with or leaking data on the flash memory device, and significantly improving the security protection capabilities of the storage device. Attached Figure Description
[0042] To more clearly illustrate the technical solutions in the embodiments of the present invention or the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below. Obviously, the drawings described below are only embodiments of the present invention. For those skilled in the art, other drawings can be obtained based on the provided drawings without creative effort.
[0043] Figure 1 This is a schematic flowchart of a data protection method for a flash memory device provided in an embodiment of this application;
[0044] Figure 2 This is a schematic flowchart of an encrypted target data generation method provided in an embodiment of this application;
[0045] Figure 3 This is a schematic diagram of a decryption operation process provided in an embodiment of this application;
[0046] Figure 4 This application provides a schematic diagram of a data verification process.
[0047] Figure 5 A schematic diagram of a TCG protocol stack initialization process provided in an embodiment of this application;
[0048] Figure 6 This is a schematic diagram of another TCG protocol stack initialization process provided in an embodiment of this application;
[0049] Figure 7 This application provides a schematic diagram of a host service request processing flow.
[0050] Figure 8 A schematic flowchart of another data protection method for a flash memory device provided in an embodiment of this application;
[0051] Figure 9 This application provides a schematic diagram of a data protection device structure for a flash memory device.
[0052] Figure 10 This is a schematic diagram of a flash memory device structure provided in an embodiment of this application. Detailed Implementation
[0053] The technical solutions of the embodiments of this application will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of this application, and not all embodiments. Based on the embodiments of this application, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of this application.
[0054] In modern storage devices, the security of sensitive information and controlled user data is paramount. To ensure data confidentiality and integrity, many storage devices employ the TCG-OPAL protocol defined by the Trusted Computing Group (TCG). This protocol specifies the data structures and functions for various security configuration information, primarily used to manage security measures such as device access control, authentication, and key management.
[0055] However, although the TCG-OPAL protocol defines the data structure and function of secure configuration information, many storage devices still store and access this information in plaintext, which poses a risk of information leakage during access. If an unauthorized attacker gains access to this secure configuration information, they could impersonate a legitimate user, obtain controlled data, or even maliciously tamper with or leak data. Furthermore, the TCG-OPAL protocol requires user business data to be encrypted before being written to the storage medium and decrypted upon retrieval; however, in practice, inconsistencies still exist between decrypted and unencrypted data. Therefore, existing technical solutions have room for improvement in terms of data confidentiality, consistency, and performance optimization.
[0056] The various embodiments of this application will now be described in further detail with reference to the accompanying drawings.
[0057] The data protection method for flash memory devices provided in this application can be applied in scenarios where sensitive data needs to be protected and unauthorized access prevented, especially for the security protection of security configuration information and user business data based on the TCG-OPAL protocol.
[0058] The flash memory device can be a solid-state drive (SSD), a high-speed serial computer expansion bus standard solid-state drive (Peripheral Component Interconnect Express Solid State Drive, PCIe SSD), or other NAND flash memory-based storage devices, etc., and is not limited here. For ease of description, the following uses an SSD as an example for illustration.
[0059] This application provides a data protection method for a flash memory device. The flash memory device stores encrypted target data, which includes security configuration information and user service data. The security configuration information is used to initialize the TCG protocol stack, such as... Figure 1 As shown, the method includes steps S101-S103.
[0060] S101: Obtain the encrypted target data and decrypt it.
[0061] First, it's important to understand that the core objective of the TCG-OPAL protocol is to manage user data access permissions and partition encryption. To this end, the TCG-OPAL protocol defines multiple security configuration information entries to store critical information such as user identity, access control permissions, storage space limits, and encryption keys. In the TCG-OPAL protocol, all security configuration information can be organized according to function or category. Security configuration information is typically stored in a table structure, hence it can also be referred to as management table entry information. The specific form of security configuration information can be simple key-value pairs or more complex arrays or nested structures, depending on the hardware and firmware design. Therefore, security configuration information is not limited to a specific table or data format.
[0062] Based on their purpose, security configuration information can be divided into at least two types: one is read-only, unmodifiable, and factory-preset default security configuration information (including basic settings and default values at the time of device shipment, such as device identifier, hardware version, system initialization parameters, and default passwords or authentication mechanisms). Since this security configuration information is only used when the flash memory device is first started or restored to its factory state, and does not involve any sensitive user data, it can be made public without additional encryption or security processing.
[0063] Another type is user-modifiable security configuration information. This type of security configuration information is modified by the user according to actual needs and covers sensitive data such as user identity, access control permissions, storage space allocation, and encryption keys. To ensure the security of this user data and prevent unauthorized access by unauthorized users, encryption protection is required.
[0064] As shown above, the TCG protocol stack is a security framework designed to protect user data, control access permissions, and encrypt storage space. When the SSD powers on, the TCG protocol stack needs to be loaded and initialized to ensure the security of user data during subsequent business requests. To initialize the TCG protocol stack, the necessary security configuration information must first be acquired and decrypted. Specifically, the SSD reads the encrypted security configuration information from the storage medium (such as NAND flash memory) via the data channel and loads it into DDR (Double Data Rate) memory, which is used for running code and storing temporary data. Then, a preset decryption algorithm is used to decrypt the encrypted security configuration information. The decrypted security configuration information is temporarily stored in plaintext in the DDR, providing support for subsequent protocol stack initialization.
[0065] After initializing the TCG protocol stack, the SSD can securely protect the target data in the host's service requests. For example, when a user requests to read data, the device reads the encrypted user service data from the storage medium (such as NAND flash memory) through the data channel and loads it into the DDR. Subsequently, it decrypts the encrypted user service data using a preset decryption algorithm and temporarily stores the decrypted user service data in plaintext form in the DDR for later verification. Based on the verification result, it determines whether to transmit the user service data to the host or trigger the corresponding error handling process.
[0066] S102: Verify the decrypted target data and obtain the verification result.
[0067] After the flash memory device decrypts the encrypted target data, it needs to verify the decrypted data to ensure it hasn't been tampered with or corrupted during transmission. Verification methods can include Cyclic Redundancy Check (CRC), hash verification (such as SHA-256 or SHA-512), or checksums. The verification result can be "pass" or "fail," confirming whether the decrypted target data is trustworthy.
[0068] S103: Determine the initialization strategy of the TCG protocol stack based on the verification result of the security configuration information, so that the flash memory device can perform security protection on the target data based on the initialized TCG protocol stack.
[0069] Based on the verification result (i.e., whether the verification in S102 passes), the flash memory device will decide how to initialize the TCG protocol stack. If the verification passes, it indicates that the decrypted security configuration information is valid, and the flash memory device will initialize the TCG protocol stack and begin executing user data access control, encryption, and other security protection measures according to its specifications. If the verification fails, it means that the security configuration information in the acquired target data may have been tampered with or corrupted, and the flash memory device may refuse to start or take other protective measures to ensure that the system's security is not threatened.
[0070] This application embodiment obtains encrypted target data and decrypts it; verifies the decrypted target data to obtain a verification result; and determines the initialization strategy of the TCG protocol stack based on the verification result of the security configuration information, so that the flash memory device can provide security protection for the target data based on the initialized TCG protocol stack. This application embodiment utilizes encryption and decryption mechanisms to protect the target data, and combines this with a verification mechanism to ensure the integrity of the target data, significantly reducing the risk of leakage of security configuration information and user business data, preventing unauthorized users from tampering with or leaking data on the flash memory device, and significantly improving the security protection capabilities of the storage device.
[0071] In one embodiment, please refer to Figure 2 , Figure 2 This is a flowchart illustrating a method for generating encrypted target data. The method specifically includes steps S201 and S202:
[0072] S201: Perform calculations on the target data based on a preset verification algorithm to generate target data feature values corresponding to the target data;
[0073] S202: Encrypt the target data and its feature values using a preset encryption algorithm to obtain encrypted target data.
[0074] Understandably, according to the behavioral specifications of the TCG-OPAL protocol, any modification to the security configuration information by the user (such as configuring a new encrypted access range) will cause the corresponding configuration table entries to be updated. Therefore, the updated security configuration information needs to be encrypted before storage. In addition, every time the host issues a new data write request, the data to be written in the new data write request needs to be encrypted before storage to ensure the security of the user's sensitive data.
[0075] The specific encryption process can begin by applying a preset verification algorithm (such as SHA-256, CRC, etc.) to the target data to generate a fixed-length target data feature value. After generating the target data feature value, the target data and the target data feature value are concatenated. For example, the target data feature value can be appended to the end of the target data. Then, the concatenated target data and the target data feature value are encrypted together based on the preset encryption algorithm to obtain the encrypted target data.
[0076] In this embodiment, encryption operations can be implemented either by software or hardware. In an SSD, software refers to the firmware running on the SSD, while hardware refers to the secure computing module embedded in the SSD controller chip. The specific implementation method depends on the project's needs, performance requirements, and the actual implementation situation. For example, software encryption can be accomplished through encryption algorithms, such as running a corresponding encryption program on the central processing unit (CPU) of the storage device. When the data volume is small or the encryption requirements are relatively simple, the encryption operation can be directly executed by software. Hardware encryption, on the other hand, is performed through a dedicated hardware module within the device. For instance, a dedicated encryption module (such as a hardware encryption engine, typically a hardware encryption coprocessor or secure computing module) can be integrated into the storage device. These modules can efficiently perform encryption operations (such as AES-128, AES-256, etc.) on large amounts of user data, thereby reducing the CPU load.
[0077] Please refer to Figure 3 , Figure 3 This is a schematic diagram of a decryption operation process. In one embodiment, the method for obtaining encrypted target data and decrypting the encrypted target data includes steps S301-S302.
[0078] S301: Obtain encrypted target data;
[0079] S302: Decrypt the encrypted target data according to the preset decryption algorithm to obtain the decrypted target data and the target data feature value.
[0080] After reading the encrypted target data from the storage medium, it can be cached in DDR first, and then decrypted using a preset decryption algorithm. During the decryption process, in addition to obtaining the decrypted target data (i.e., the plaintext target data), a target data feature value will also be obtained. This target data feature value is usually attached when encrypting the target data, and can be a CRC value or hash value, etc., used to confirm that no data corruption or tampering has occurred during the decryption process.
[0081] Please refer to Figure 4 , Figure 4 This is a schematic diagram of a data verification process. In one embodiment, the method for verifying decrypted target data and obtaining the verification result includes steps S401-S403.
[0082] S401: Determine the first verification information corresponding to the target data according to the type of the preset verification algorithm;
[0083] S402: Perform calculations on the decrypted target data based on a preset verification algorithm to generate second verification information corresponding to the decrypted target data;
[0084] S403: Compare the first verification information with the second verification information to obtain the verification result.
[0085] exist Figure 4 Based on this, please refer to Figure 5 , Figure 5 This is a flowchart of TCG protocol stack initialization. The method for determining the initialization strategy of TCG protocol stack based on the verification result of security configuration information includes steps S500-S502.
[0086] S500: Determine whether the verification result of the security configuration information indicates that the first verification information and the second verification information are the same; if the verification result indicates that the first verification information and the second verification information are the same, then execute step S501; if the verification result indicates that the first verification information and the second verification information are not the same, then execute step S502.
[0087] S501: Determine that the decrypted security configuration information is valid, and initialize the TCG protocol stack based on the decrypted security configuration information.
[0088] S502: Determine that the decrypted security configuration information is invalid, and execute the corresponding initialization strategy according to the state of the flash memory device.
[0089] Specifically, in one feasible embodiment, if the type of the preset verification algorithm is CRC algorithm, then after concatenating the target data with the target data feature value, the remainder obtained by performing a modulo-2 operation on the binary number corresponding to the polynomial is used as the first verification information corresponding to the target data.
[0090] For ease of description, let's take the generator polynomial of CRC-4 checksum as: G(x) = x 4 Using +x+1 and its corresponding binary number 10011 as an example, this paper illustrates the CRC algorithm and its application in data encryption and verification.
[0091] Assuming the target data before encryption is 1101011011 (10 bits), perform a CRC-4 check on 1101011011 to generate checksum data, which will be used to verify the integrity of the data during subsequent reading. The specific steps are as follows:
[0092] Since the generator polynomial has an order of 4, four zeros need to be padded after the original data 1101011011, resulting in 11010110110000. The padded data (11010110110000) is then divided modulo-2 by the binary number corresponding to the polynomial (10011) using the rule "0 for the same number, 1 for different numbers," resulting in a remainder of 1110 (which is also the target data characteristic value corresponding to the target data 1101011011). This remainder 1110 is then appended as a check bit to the 10 bits of the original data 1101011011, resulting in 10+4 bits of data 11010110111110.
[0093] At this point, the 10+4 bits of data 11010110111110 are encrypted and stored. It's important to note that because the default verification algorithm is CRC, the first verification information is the remainder (i.e., 0) obtained by performing a modulo-2 operation on the original data (after adding a check bit, e.g., 11010110111110) and the binary number 10011. Since the check bit is obtained by modulo-2 operation on the data padded with zeros, and the 10+4 bits of data with the added check bit have formed a specific "divisibility relationship" with the binary number 10011, performing another modulo-2 operation using the same generator polynomial yields a remainder of 0. Therefore, the first verification information is 0.
[0094] When reading encrypted data, the decrypted 10+4 bits of data need to be verified to confirm whether the information bits have been tampered with or corrupted. The specific steps are as follows:
[0095] Encrypted data is read from the storage medium and decrypted to obtain 10+4 bits of data to be verified. A CRC-4 check is performed on the read 10+4 bits of data, which is done by performing a modulo-2 division operation between the read 10+4 bits and the binary number 10011 corresponding to the generator polynomial, obtaining the remainder. The remainder is used as the second verification information, and the second verification information is compared with the first verification information (0).
[0096] If the second verification value is 0, meaning it is the same as the first verification value, then the decrypted data is identical to the data before encryption, and the data has not been tampered with or damaged. In this case, the verification passes, and the data is confirmed to be valid. Subsequent processes can then proceed normally to process the decrypted data.
[0097] If the second verification information is not 0, meaning it differs from the first verification information, it indicates that the decrypted data may have changed during transmission or storage, or that there is a problem with the decryption process. In this case, the verification fails, and the data is determined to be invalid.
[0098] In another feasible embodiment, if the preset verification algorithm is a secure hash algorithm, the hash value generated by the secure hash algorithm is used as the first verification information corresponding to the target data. That is, the hash value is used as the verification bit data and the feature value corresponding to the target data. For example, the target data 1101011011 before encryption is subjected to SHA-256 hash algorithm operation to obtain 256-bit hash value A, and this hash value A is used as the first verification information. Then, 1101011011 and hash value A are concatenated in a structured format, encrypted, and stored.
[0099] When the encrypted target data needs to be read, it is read from the storage device and decrypted to obtain 10 bits of information data and a 256-bit checksum hash value. Then, using the same SHA-256 hash algorithm, the hash value A′ of the decrypted 10 bits of information data is recalculated and used as the second verification information. If the second verification information A′ matches the first verification information A, it means the information data has not been tampered with or corrupted, and the verification passes. If the second verification information A′ does not match the read first verification information A, it means the target data may have been tampered with or corrupted during transmission or storage, or there is a problem with the decryption process, and the verification fails.
[0100] Based on the above verification of the target data, if the verification of user service data in the target data passes, the user service data to be written and its characteristic value are encrypted and written to the user area of the flash memory device, or the user service data to be read is returned to the host side; if the verification of user service data in the target data fails, the user service data to be written / read is discarded and an error status is reported. If the verification of security configuration information in the target data passes, the TCG protocol stack can be initialized according to the decrypted security configuration information (if the TCG protocol stack is not initialized), or the security configuration information to be written and its characteristic value are encrypted and written to the system area of the flash memory device (if the TCG protocol stack has been initialized); if the verification of security configuration information in the target data fails, the corresponding initialization strategy is executed according to the state of the flash memory device (if the TCG protocol stack is not initialized), or the security configuration data to be written is discarded and an error status is reported (if the TCG protocol stack has been initialized).
[0101] This application embodiment verifies and calculates the target data feature value before encryption and decryption of all information that needs to be encrypted and decrypted, including key security configuration information and user data of the TCG-OPAL protocol, and verifies it again after decryption. This ensures that user data or security configuration information remains consistent after each encryption and decryption operation, avoids the use of invalid or damaged data, and increases the reliability and security of flash memory devices.
[0102] Please refer to Figure 6 , Figure 6 This is a schematic diagram of another TCG protocol stack initialization process. In one embodiment, the method of executing the corresponding initialization strategy according to the state of the flash memory device includes steps S600-S602.
[0103] S600: Determine whether the flash memory device is in factory reset state; if the flash memory device is in factory reset state, then execute step S601; if the flash memory device is not in factory reset state, then execute step S602.
[0104] S601: Initialize the TCG protocol stack based on the default security configuration information.
[0105] S602: Error indicating missing output security configuration information.
[0106] Factory reset (also known as factory default state) refers to restoring the SSD to the manufacturer's preset default configuration and state. During this process, all configurations (such as encryption settings, storage management tables, firmware versions, etc.) will be restored to their factory default values, ensuring that the device is in a known and stable state and avoiding the impact on device functionality due to user operation or system configuration errors.
[0107] In this embodiment, whether the flash memory device is in factory reset state can be determined by the firmware. Typically, a special flag or identifier is set at the factory to indicate the current state of the device; this identifier value is usually a preset fixed value (such as 0xFF, 0x00, etc.). This identifier is modified after the device is first configured or initialized. Therefore, the firmware can check this flag to determine if it matches the preset value, thereby determining whether the device is in factory reset state.
[0108] In addition, the device status can also be determined by checking the device's lifecycle information or log records. If the device's logs contain entries with terms like "restore" or similar, it indicates that the device may still be in a factory reset state.
[0109] If the device is in factory reset state, the system will read the factory default management table entries (i.e., default security configuration information) from the NAND flash memory via the data channel and use the default security configuration information to complete the initialization of the TCG-OPAL protocol stack. If the device is not in factory reset state, a configuration missing error will be returned, prompting the user that necessary security configuration information is missing.
[0110] This application's embodiments, through a factory reset state determination mechanism, ensure that flash memory devices can be restored to a known and stable default configuration state when security configuration information issues or errors occur, avoiding functional failures or data security problems caused by configuration errors. If the device is not in a factory reset state and security configuration information is lost, the system can also promptly identify and report the error, preventing the flash memory device from malfunctioning due to missing configuration information, thereby improving the device's security and reliability.
[0111] Please refer to Figure 7 , Figure 7 This is a schematic diagram of a host service request processing flow. In one embodiment, the method for processing host service requests includes steps S700-S742.
[0112] S700: Determine the type of service request issued by the host; if the type of service request is a user service data write request or a security configuration information setting request, then execute step S711; if the type of service request is a user service data read request or a security configuration information acquisition request, then execute step S721.
[0113] S711: Parse the data to be written in the business request and perform calculations on the data to be written based on the preset verification algorithm to generate the feature value of the data to be written corresponding to the data to be written, and then execute step S712.
[0114] S712: Based on a preset encryption algorithm, the data to be written and the feature value of the data to be written are encrypted to obtain the encrypted data to be written and written to a non-volatile storage medium.
[0115] S721: Based on the business request, read the encrypted data to be read from the non-volatile storage medium, and decrypt the encrypted data to be read. Then execute step S722.
[0116] S722: Verify the decrypted data to be read, and proceed to step S730;
[0117] S730: Determine whether the verification of the decrypted data to be read has passed; if the verification passes, proceed to step S741; if the verification fails, proceed to step S742.
[0118] S741: Returns the decrypted data to be read to the host.
[0119] S742: Output non-volatile storage medium error.
[0120] Security configuration information set / get requests are transmitted via the NVMe Security Send / SecurityReceive interfaces. Simultaneously, they utilize the call ID and method of the relevant management entries in the TCG protocol to complete the setting and retrieval of security configuration information. These requests are primarily used to manage the device's own control data, such as encryption keys, access permissions, and system status. Since the data involved is typically configuration information or metadata, its volume is usually smaller compared to user business data. Furthermore, security configuration information set / get operations are typically performed in the system area (also known as the metadata storage area) of the flash memory device. The operation logic is relatively simple, and the triggering frequency is low, generally occurring during device initialization, upgrades, or when security configuration information needs to be changed.
[0121] In contrast, user business data read / write requests are made in the user area of the flash memory device through read / write commands of the NVMe protocol. These requests mainly serve the user's daily data storage and access needs. These requests are triggered more frequently and are the core operation of the flash memory device during normal operation.
[0122] Specifically, when an SSD receives a service request from the host, its internal software (such as firmware) needs to determine whether the request type is a service request. Communication between the host and the SSD is typically based on standard protocols, such as Serial ATA (SATA) or Non-Volatile Memory Express (NVMe). The SSD's firmware parses the host protocol layer request and determines the service request type by identifying specific fields or flags in the protocol's command packet. For example, in NVMe, read / write request types are typically specified in the OPC (Opcode) field of Command Dword 0 (CDW0).
[0123] For example, in the case of a user business data write request or a security configuration information setting request, taking the CRC-4 algorithm as an example, a CRC calculation is performed on the plaintext target data to generate a 4-bit CRC value. The target data is then concatenated with the calculated 4-bit CRC value to form the complete data to be encrypted. According to the requirements of the TCG-OPAL protocol, the concatenated data to be encrypted needs to be encrypted. Finally, the encrypted target data is written to the storage medium (such as NAND flash memory) through the SSD's data path. Here, the data path is the data transmission path within the SSD, used to transfer data between the controller chip, memory (DDR), and storage medium (NAND).
[0124] If the request is for reading user business data or obtaining security configuration information, the encrypted data is first read from the storage medium (NAND) via the SSD data path. According to the TCG-OPAL protocol, the read encrypted target data needs to be decrypted to obtain the decrypted plaintext target data. This decrypted target data includes the plaintext target data and the target data feature value (i.e., the third verification information). Then, a verification calculation is performed again on the decrypted plaintext target data. Taking the SHA-256 algorithm as an example, the target data feature value calculated using the SHA-256 algorithm after decryption (i.e., the fourth verification information) is compared with the third verification information. If the third verification information matches the fourth verification information, it indicates that the target data has not been damaged or tampered with during storage and transmission, the verification passes, and the decrypted target data is returned to the host. If the third verification information does not match the fourth verification information, it indicates that the target data may have been damaged or tampered with, and the system will generate an error report and indicate a potential problem with the storage medium. The specific method for comparing the third and fourth verification information can be referred to the comparison process of the first and second verification information; this embodiment will not be elaborated further here.
[0125] This application also provides a user data protection method for processing host service requests after initialization. By combining a verification mechanism and TCG-OPAL protocol encryption and decryption operations, it ensures the consistency and security of target data interacting with the host during storage and retrieval, prevents data corruption or tampering, and provides a solid foundation for the stable operation of storage devices.
[0126] In one embodiment, the decryption operation includes a decryption operation implemented at the host sector level.
[0127] Furthermore, in one embodiment, the encryption operation also includes encryption operations implemented at the host sector level.
[0128] In the embodiments of this application, host sector granularity refers to the basic unit of data transmission or operation from the host's perspective during data processing and encryption. Specifically, host sector granularity is not necessarily consistent with the actual physical sectors inside the SSD, but refers to the "sector size" or "block size" used by the host when sending or receiving data to or from a storage device (such as an SSD).
[0129] In many modern storage devices, especially SSDs, there is a difference between sector granularity and physical page / block granularity. For example, a host might read and write data in 4KB units, while an SSD might read and write in larger pages (such as 16KB, 64KB, etc.). In actual storage operations, the host does not directly manipulate the physical sectors inside the SSD, but rather organizes the data into blocks of a certain size (such as 512 bytes or 4KB) through the file system or disk management (such as SATA, NVMe controllers) for reading and writing.
[0130] Using host sector granularity for data encryption and verification (such as CRC calculation / encryption / decryption) helps ensure data consistency and integrity. By calculating CRC and encrypting data at the host sector level, data block consistency can be ensured and data corruption across multiple physical blocks can be avoided, providing finer-grained data security protection and facilitating interaction between the host and storage devices.
[0131] Host sector-level encryption and decryption operations mean that user data is not processed all at once, but rather divided into blocks according to the host's sector size (e.g., 512 bytes). Taking the CRC32 algorithm as an example, each sector's data is individually checked using the CRC32 algorithm, generating a corresponding CRC32 checksum, which is then appended to the data in that sector to ensure that each sector's data has an independent checksum. For example, assuming each host sector is 512 bytes in size, the software first calculates the CRC32 checksum for that 512 bytes of data and appends it to the data to form a new data block. Next, the software performs the same operation on the next sector. Ultimately, each sector's data will be appended with a corresponding CRC32 checksum.
[0132] This application's embodiments, by performing encryption and decryption operations and attaching checksums for each sector individually, ensure that the data in each sector is free from errors or corruption during transmission and storage. It also enables the detection of errors within any single sector, making error localization more precise. Furthermore, processing data at the sector level reduces memory consumption, avoids performance bottlenecks that may occur when processing large blocks of data at once, and effectively improves the accuracy and efficiency of data processing.
[0133] This application also provides a specific implementation example of a data protection method for flash memory devices. Please refer to [link / reference]. Figure 8 The specific application embodiment includes steps S801-S8142:
[0134] S801: Perform calculations on the target data based on a preset verification algorithm to generate target data feature values corresponding to the target data;
[0135] S802: Encrypt the target data and its feature values using a preset encryption algorithm to obtain encrypted target data;
[0136] S803: Decrypt the encrypted target data according to the preset decryption algorithm to obtain the decrypted target data and the target data feature value;
[0137] S804: Determine the first verification information corresponding to the target data according to the type of the preset verification algorithm;
[0138] S805: Perform calculations on the decrypted target data based on a preset verification algorithm to generate second verification information corresponding to the decrypted target data;
[0139] S806: Determine whether the first verification information corresponding to the security configuration information and the second verification information corresponding to the security configuration information are the same; if the first verification information and the second verification information are the same, then execute step S8071; if the first verification information and the second verification information are different, then execute step S8072.
[0140] S8071: After confirming that the decrypted security configuration information is valid, and after initializing the TCG protocol stack according to the decrypted security configuration information, proceed to step S810.
[0141] S8072: Determined that the decrypted security configuration information is invalid, proceed to step S808;
[0142] S808: Determine whether the flash memory device is in factory reset state; if the flash memory device is in factory reset state, proceed to step S8091; if the flash memory device is not in factory reset state, proceed to step S8092.
[0143] S8091: After initializing the TCG protocol stack according to the default security configuration information, proceed to step S810;
[0144] S8092: Error indicating missing output security configuration information.
[0145] S810: Determine the type of service request issued by the host; if the type of service request is a user service data read request or a security configuration information acquisition request, then execute step S8111; if the type of service request is a user service data write request or a security configuration information setting request, then execute step S8121.
[0146] S8111: Read the encrypted data to be read from the non-volatile storage medium based on the business request, and then execute step S8112 after decrypting the encrypted data to be read.
[0147] S8112: Verify the decrypted data to be read, and execute step S813;
[0148] S8121: Parse the data to be written in the business request, and perform calculations on the data to be written based on the preset verification algorithm to generate the feature value of the data to be written corresponding to the data to be written.
[0149] S8122: Based on a preset encryption algorithm, the data to be written and the feature value of the data to be written are encrypted to obtain the encrypted data to be written and written to a non-volatile storage medium.
[0150] S813: Determine whether the verification of the decrypted data to be read has passed; if the verification has passed, proceed to step S8141; if the weak verification has failed, proceed to step S8142.
[0151] S8141: Returns the decrypted data to be read to the host.
[0152] S8142: Output non-volatile storage media error.
[0153] In this embodiment, the specific processes of steps S801 to S8142 are the same as or similar to the corresponding methods in the above embodiments. For parts not described in detail, please refer to the method embodiments, which will not be repeated here.
[0154] It is understood that the above is merely an example of a specific situation and should not be construed as limiting the implementation process of the embodiments of this application. In practical applications, the specific execution order, the method of obtaining relevant data, the encryption method, the decryption method, the verification method, the selection of verification information, etc., can all be adjusted and modified according to the actual situation, and any modifications and adjustments are within the protection scope of the embodiments of this application.
[0155] It should be understood that although the steps in the flowcharts of the above embodiments are shown sequentially according to the arrows, these steps are not necessarily executed in the order indicated by the arrows. Unless explicitly stated herein, there is no strict order restriction on the execution of these steps, and they can be executed in other orders. Moreover, at least some steps in the flowcharts of the above embodiments may include multiple steps or multiple stages. These steps or stages are not necessarily completed at the same time, but can be executed at different times. The execution order of these steps or stages is not necessarily sequential, but can be performed alternately or in turn with other steps or at least some of the steps or stages of other steps.
[0156] In the various embodiments provided in this application, it should be understood that the disclosed methods can be implemented in multiple ways, and are not limited to the implementation methods described in the specific embodiments. For example, the TCG-OPAL protocol specifies the use of a symmetric encryption algorithm to encrypt the target data before writing it to the medium and decrypt it upon reading it. This type of operation can be implemented in software (e.g., by using a firmware algorithm to perform encryption and decryption) or in hardware (e.g., by using an embedded hardware encryption module to perform encryption and decryption). The encryption and decryption algorithm can be changed according to requirements, for example, using different symmetric encryption algorithms (e.g., AES-256, AES-128) or other encryption schemes. In addition, different verification methods can be used in the data consistency verification before and after decryption, such as using CRC (Cyclic Redundancy Check), hash algorithms (e.g., SHA-256, SHA-512), or Message Authentication Code (MAC) to verify the integrity of the data. The verification process can be implemented in software (e.g., by firmware code performing the verification operation) or accelerated by hardware (e.g., by a hardware CRC module).
[0157] The functional steps described in the various embodiments are only logical examples and can be redefined according to project requirements in actual implementation. For example, encryption / decryption and data verification steps can be combined into a single integrated module; or encryption / decryption, verification, and data transmission functions can be separated into independent modules to better optimize performance or improve flexibility. Alternatively, depending on hardware resources or performance requirements, pipelined processing, multithreading, or other parallel computing methods can be used to optimize step execution.
[0158] To implement the data protection method for flash memory devices according to the embodiments of this application, this application also provides a data protection device for flash memory devices. The flash memory device stores encrypted target data, which includes security configuration information and user service data. The security configuration information is used to initialize the TCG protocol stack. Figure 9 As shown, the device includes:
[0159] The decryption unit 901 is used to obtain the encrypted target data and perform a decryption operation on the encrypted target data;
[0160] Verification unit 902 is used to verify the decrypted target data and obtain the verification result;
[0161] The determining unit 903 is used to determine the initialization strategy of the TCG protocol stack based on the verification result of the security configuration information, so that the flash memory device can perform security protection on the target data based on the initialized TCG protocol stack.
[0162] In one embodiment, the verification unit 902 is further configured to perform calculations on the target data based on a preset verification algorithm to generate target data feature values corresponding to the target data;
[0163] The device further includes: an encryption unit; the encryption unit is used to encrypt the target data and the target data feature value based on a preset encryption algorithm to obtain the encrypted target data.
[0164] In one embodiment, the decryption unit 901 is further configured to acquire the encrypted target data and decrypt the encrypted target data according to a preset decryption algorithm to obtain the decrypted target data and target data feature values.
[0165] In one embodiment, the determining unit 903 is further configured to determine first verification information corresponding to the target data according to the type of a preset verification algorithm.
[0166] The verification unit 902 is further configured to perform calculations on the decrypted target data based on the preset verification algorithm to generate second verification information corresponding to the decrypted target data;
[0167] The verification unit 902 is further configured to compare the first verification information with the second verification information to obtain a verification result.
[0168] In one embodiment, the determining unit 903 is further configured to determine that the decrypted security configuration information is valid if the verification result of the security configuration information indicates that the first verification information is the same as the second verification information, and initialize the TCG protocol stack according to the decrypted security configuration information;
[0169] The determining unit 903 is further configured to determine that the decrypted security configuration information is invalid if the verification result of the security configuration information indicates that the first verification information and the second verification information are different, and to execute the corresponding initialization strategy according to the state of the flash memory device.
[0170] In one embodiment, the apparatus further includes: a processing unit; the processing unit is configured to initialize the TCG protocol stack according to the default security configuration information if the flash memory device is in a factory reset state;
[0171] The processing unit is further configured to output a security configuration information missing error if the flash memory device is not in a factory reset state.
[0172] In one embodiment, the processing unit is further configured to determine the type of service request sent by the host;
[0173] The processing unit is further configured to, if the type of the service request is a user service data write request or a security configuration information setting request, parse the data to be written in the service request and perform calculations on the data to be written based on a preset verification algorithm to generate a data feature value to be written corresponding to the data to be written.
[0174] The encryption unit is further configured to perform encryption operations on the data to be written and the feature value of the data to be written based on a preset encryption algorithm, so as to obtain encrypted data to be written and write it to a non-volatile storage medium.
[0175] The processing unit is further configured to, if the type of the service request is a user service data read request or a security configuration information acquisition request, read the encrypted data to be read from the non-volatile storage medium based on the service request, and perform a decryption operation on the encrypted data to be read.
[0176] The verification unit 902 is also used to verify the decrypted data to be read. If the verification passes, the decrypted data to be read is returned to the host. If the verification fails, a non-volatile storage medium error is output.
[0177] In one embodiment, the decryption operation includes a decryption operation implemented at the host sector level.
[0178] In one embodiment, the encryption operation includes encryption operations implemented at the host sector level.
[0179] In practical applications, the processing unit can be implemented by combining the processor in the flash memory device with the communication interface, and the decryption unit 901, verification unit 902, determination unit 903, and encryption unit can be implemented by the communication interface in the security protection device of the flash memory device.
[0180] It should be noted that the data protection device for flash memory devices provided in the above embodiments is only illustrated by the division of the above-described program modules. In practical applications, the above processing can be assigned to different program modules as needed, that is, the internal structure of the device can be divided into different program modules to complete all or part of the processing described above. Furthermore, the data protection device for flash memory devices provided in the above embodiments and the data protection method embodiments for flash memory devices belong to the same concept, and their specific implementation process can be found in the method embodiments, which will not be repeated here.
[0181] Based on the hardware implementation of the above program modules, and in order to implement the data protection method for a flash memory device provided in this application embodiment, this application embodiment also provides a flash memory device, such as... Figure 10 As shown, the flash memory device 1000 includes:
[0182] Central processing unit 1001, memory 1002 and input / output interface 1003;
[0183] The memory 1002 is a short-term storage memory or a persistent storage memory;
[0184] The central processing unit 1001 is configured to communicate with the memory 1002 and execute instructions in the memory 1002 to perform any of the above-described data protection methods for flash memory devices.
[0185] Of course, in practical applications, the various components in the flash memory device 1000 are coupled together through a bus system 1004. It is understood that the bus system 1004 is used to realize communication between these components. In addition to a data bus, the bus system 1004 also includes a power bus, a control bus, and a status signal bus. However, for clarity, in... Figure 10 The general labeled all buses as Bus System 1004.
[0186] The memory 1002 in this embodiment is used to store various types of data to support the operation of the flash memory device 1000. Examples of such data include any computer program used to operate on the flash memory device 1000.
[0187] It is understood that when the processor in the flash memory device described above executes the computer program, it can also implement the functions of each unit in the corresponding device embodiments described above, which will not be repeated here. Exemplarily, the computer program can be divided into one or more modules / units, one or more modules / units are stored in memory and executed by the processor to complete the various embodiments of this application. One or more modules / units can be a series of computer program instruction segments capable of performing a specific function, which describe the execution process of the computer program in the flash memory device. For example, the computer program can be divided into units in the aforementioned flash memory device, and each unit can implement the specific functions described in the corresponding flash memory device above.
[0188] The processor can be a Central Processing Unit (CPU), or other general-purpose processors, digital signal processors (DSPs), application-specific integrated circuits (ASICs), field-programmable gate arrays (FPGAs), or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, etc. A general-purpose processor can be a microprocessor or any conventional processor. The processor is the control center of the flash memory device, connecting all parts of the flash memory device through various interfaces and lines.
[0189] Memory can be used to store computer programs and / or modules. The processor implements various functions of the flash memory device by running or executing the computer programs and / or modules stored in the memory, and by accessing data stored in the memory. Memory can mainly include a program storage area and a data storage area. The program storage area can store the operating system, applications required for at least one function, etc.; the data storage area can store data created based on terminal usage, etc. Furthermore, memory can include high-speed random access memory, and can also include non-volatile memory, such as small-capacity non-volatile memory (e.g., NOR flash memory).
[0190] This application also provides a computer-readable storage medium storing a computer program thereon, which, when executed by a processor, performs the data protection method for the flash memory device described in any of the above embodiments.
[0191] This application also provides a computer program product storing a computer program / instruction, which, when executed by a processor, is used to implement the data protection method for a flash memory device described in the first aspect or any specific implementation of the first aspect of this application.
[0192] Those skilled in the art will clearly understand that, for the sake of convenience and brevity, the specific working processes of the systems, devices, and units described above can be referred to the corresponding processes in the foregoing method embodiments, and will not be repeated here.
[0193] In the several embodiments provided in this application, it should be understood that the disclosed systems, apparatuses, and methods can be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative; for instance, the division of units is only a logical functional division, and in actual implementation, there may be other division methods. For example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. Furthermore, the coupling or direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection between apparatuses or units through some interfaces, and may be electrical, mechanical, or other forms.
[0194] The units described as separate components may or may not be physically separate. The components shown as units may or may not be physical units; that is, they may be located in one place or distributed across multiple network units. Some or all of the units can be selected to achieve the purpose of this embodiment according to actual needs.
[0195] Furthermore, the functional units in the various embodiments of this application can be integrated into one processing unit, or each unit can exist physically separately, or two or more units can be integrated into one unit. The integrated unit can be implemented in hardware or as a software functional unit.
[0196] If the integrated unit is implemented as a software functional unit and sold or used as an independent product, it can be stored in a computer-readable storage medium. Based on this understanding, the technical solution of this application, in essence, or the part that contributes to the prior art, or all or part of the technical solution, can be embodied in the form of a software product. This computer software product is stored in a storage medium and includes several instructions to cause a flash memory device to execute all or part of the steps of the methods described in the various embodiments of this application. The aforementioned storage medium includes various media capable of storing program code, such as USB flash drives, portable hard drives, read-only memory (ROM), random access memory (RAM), magnetic disks, or optical disks.
Claims
1. A data protection method for a flash memory device, characterized in that, The flash memory device stores encrypted target data, which includes security configuration information and user service data. The security configuration information is used to initialize the TCG protocol stack. The method includes: Obtain the encrypted target data and decrypt the encrypted target data; Verify the decrypted target data and obtain the verification result; The initialization strategy of the TCG protocol stack is determined based on the verification result of the security configuration information, so that the flash memory device can perform security protection on the target data based on the initialized TCG protocol stack.
2. The data protection method for a flash memory device according to claim 1, characterized in that, The method for generating the encrypted target data includes: The target data is processed based on a preset verification algorithm to generate target data feature values corresponding to the target data; The target data and its feature values are encrypted using a preset encryption algorithm to obtain the encrypted target data.
3. The data protection method for a flash memory device according to claim 1, characterized in that, The step of obtaining the encrypted target data and decrypting the encrypted target data includes: The encrypted target data is obtained, and the encrypted target data is decrypted according to a preset decryption algorithm to obtain the decrypted target data and target data feature values.
4. The data protection method for a flash memory device according to claim 3, characterized in that, The step of verifying the decrypted target data and obtaining the verification result includes: The first verification information corresponding to the target data is determined according to the type of the preset verification algorithm; The decrypted target data is processed based on the preset verification algorithm to generate second verification information corresponding to the decrypted target data. The first verification information is compared with the second verification information to obtain the verification result.
5. The data protection method for a flash memory device according to claim 4, characterized in that, The step of determining the initialization strategy of the TCG protocol stack based on the verification result of the security configuration information includes: If the verification result of the security configuration information indicates that the first verification information and the second verification information are the same, then the decrypted security configuration information is determined to be valid, and the TCG protocol stack is initialized according to the decrypted security configuration information. If the verification result of the security configuration information indicates that the first verification information and the second verification information are different, then the decrypted security configuration information is determined to be invalid, and the corresponding initialization strategy is executed according to the state of the flash memory device.
6. The data protection method for a flash memory device according to claim 5, characterized in that, The flash memory device also stores default security configuration information. The step of executing the corresponding initialization strategy based on the state of the flash memory device includes: If the flash memory device is in factory reset state, the TCG protocol stack is initialized according to the default security configuration information; If the flash memory device is not in factory reset state, a security configuration information missing error will be output.
7. The data protection method for a flash memory device according to claim 1, characterized in that, The method further includes: Determine the type of service request issued by the host; If the type of the business request is a user business data write request or a security configuration information setting request, then the data to be written in the business request is parsed and the data to be written is calculated based on a preset verification algorithm to generate a data feature value corresponding to the data to be written. The data to be written and its feature values are encrypted using a preset encryption algorithm to obtain encrypted data to be written and then written to a non-volatile storage medium. If the type of the service request is a user service data read request or a security configuration information acquisition request, then based on the service request, the encrypted data to be read is read from the non-volatile storage medium, and the encrypted data to be read is decrypted. The decrypted data to be read is verified. If the verification passes, the decrypted data to be read is returned to the host. If the verification fails, a non-volatile storage medium error is output.
8. The data protection method for a flash memory device according to any one of claims 1, 3, and 7, characterized in that, The decryption operation includes decryption operations implemented at the host sector level.
9. The data protection method for a flash memory device according to any one of claims 2 and 7, characterized in that, The encryption operations include encryption operations implemented at the host sector level.
10. A flash memory device, characterized in that, include: Central processing unit, memory, and input / output interfaces; The memory is either a short-term storage memory or a persistent storage memory; The central processing unit is configured to communicate with the memory and execute instructions in the memory to perform the data protection method for the flash memory device according to any one of claims 1 to 9.