Memory management method and storage apparatus

By detecting bit error rate and generating cryptographic information in the memory module to encrypt data, the problem of insufficient security of traditional storage media is solved, and the encryption efficiency and security of data storage are improved.

WO2026144465A1PCT designated stage Publication Date: 2026-07-09HOSIN GLOBAL ELECTRONICS CO LTD

Patent Information

Authority / Receiving Office
WO · WO
Patent Type
Applications
Current Assignee / Owner
HOSIN GLOBAL ELECTRONICS CO LTD
Filing Date
2025-10-28
Publication Date
2026-07-09

AI Technical Summary

Technical Problem

Traditional storage media such as mechanical hard disk drives and early solid-state drives lack security mechanisms in the face of unauthorized access and data breaches, and cannot meet the stringent requirements for data integrity and confidentiality.

Method used

By performing error detection in the memory module to obtain bit error rate information, generating password information, and using this information to encrypt data, the randomness of encrypted data is improved, thereby enhancing data storage security.

Benefits of technology

It improves the data encryption efficiency and security of storage devices, increases the difficulty of cracking encrypted data, and improves the problem of insufficient randomness of random numbers in traditional encryption schemes.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN2025130447_09072026_PF_FP_ABST
    Figure CN2025130447_09072026_PF_FP_ABST
Patent Text Reader

Abstract

Provided in the present invention are a memory management method and a storage apparatus. The method comprises: sending a read instruction sequence to a memory module, so as to instruct the memory module to read a first physical unit among a plurality of physical units; obtaining, from the memory module, read data corresponding to the read instruction sequence; executing error detection on the read data, so as to obtain error rate information of the read data; on the basis of the error rate information, generating password information; on the basis of the password information, encrypting original data, so as to generate encrypted data corresponding to the original data; and sending a write instruction sequence to the memory module, so as to instruct the memory module to store the encrypted data in a second physical unit among the plurality of physical units. Therefore, the data encryption efficiency of a storage apparatus can be improved.
Need to check novelty before this filing date? Find Prior Art

Description

Memory management methods and storage devices Technical Field

[0001] This invention relates to the field of storage technology, and more particularly to a memory management method and a storage device. Background Technology

[0002] In today's digital age, with the rapid development of information technology and the increasing prominence of big data value, data security has become a core element that cannot be ignored in storage system design. Traditional hard disk drives (HDDs) and early solid-state drives (SSDs), lacking built-in security mechanisms, are particularly vulnerable to unauthorized access and data breaches. Especially in emerging application scenarios such as cloud computing and edge computing, these traditional storage media cannot meet the stringent requirements for data integrity and confidentiality.

[0003] To address these challenges, data encryption has become one of the mainstream methods for protecting sensitive information. Among these, hardware-based encryption solutions are highly favored due to their ability to provide high performance and high security. Against this backdrop, solid-state drives (SSDs) with powerful encryption capabilities have emerged. These SSDs not only inherit the high-speed read / write characteristics of traditional SSDs but also provide users with a fast and secure data storage platform by integrating advanced encryption algorithms and key management strategies.

[0004] Therefore, developing and optimizing high-quality encrypted SSDs has become a key focus for technical personnel in the storage field. Summary of the Invention

[0005] The present invention provides a memory management method and a storage device that can improve the above-mentioned problems and enhance the data encryption efficiency of the storage device.

[0006] Embodiments of the present invention provide a memory management method for a storage device, wherein the storage device includes a memory module, the memory module including a plurality of physical units, and the memory management method includes: sending a read instruction sequence to the memory module to instruct the memory module to read a first physical unit among the plurality of physical units; obtaining read data corresponding to the read instruction sequence from the memory module; performing error detection on the read data to obtain error rate information of the read data, wherein the error rate information reflects the bit error rate of the read data; generating password information based on the error rate information; encrypting original data based on the password information to generate encrypted data corresponding to the original data; and sending a write instruction sequence to the memory module to instruct the memory module to store the encrypted data into a second physical unit among the plurality of physical units.

[0007] An embodiment of the present invention further provides a storage device, which includes a connection interface, a memory module, and a memory controller. The connection interface is used to connect to a host system. The memory controller is connected to the connection interface and the memory module. The memory module includes a plurality of physical units, and the memory controller is used to: send a read instruction sequence to the memory module to instruct the memory module to read a first physical unit among the plurality of physical units; obtain read data corresponding to the read instruction sequence from the memory module; perform error detection on the read data to obtain error rate information of the read data, wherein the error rate information reflects the bit error rate of the read data; generate password information based on the error rate information; encrypt the original data based on the password information to generate encrypted data corresponding to the original data; and send a write instruction sequence to the memory module to instruct the memory module to store the encrypted data into a second physical unit among the plurality of physical units.

[0008] Based on the above, the present invention can effectively improve the problem that the random numbers traditionally used for encrypting data are not random enough, thereby improving the data encryption efficiency of storage devices. Attached Figure Description

[0009] Figure 1 is a schematic diagram of a data storage system according to an embodiment of the present invention;

[0010] Figure 2 is a schematic diagram of a memory controller according to an embodiment of the present invention;

[0011] Figure 3 is a schematic diagram of a memory management module according to an embodiment of the present invention;

[0012] Figure 4 is a schematic diagram illustrating the generation of cryptographic information according to an embodiment of the present invention;

[0013] Figure 5 is a schematic diagram illustrating the generation of cryptographic information according to an embodiment of the present invention;

[0014] Figure 6 is a flowchart illustrating a memory management method according to an embodiment of the present invention;

[0015] Figure 7 is a flowchart illustrating a memory management method according to an embodiment of the present invention. Detailed Implementation

[0016] Reference will now be made in detail to exemplary embodiments of the invention, examples of which are illustrated in the accompanying drawings. Wherever possible, the same element references are used in the drawings and description to denote the same or similar parts.

[0017] Figure 1 is a schematic diagram of a data storage system according to an embodiment of the present invention. Referring to Figure 1, the data storage system 10 includes a host system 11 and a storage device 12. The storage device 12 can be connected to the host system 11 and can be used to store data from the host system 11. For example, the host system 11 can be a smartphone, tablet computer, laptop computer, desktop computer, industrial computer, game console, server, or computer system installed in a specific carrier (e.g., vehicle, aircraft, or ship), and the type of host system 11 is not limited thereto. In addition, the storage device 12 may include a solid-state drive, USB flash drive, memory card, or other types of non-volatile storage devices.

[0018] Storage device 12 includes a connection interface 121, a memory module 122, and a memory controller 123. The connection interface 121 is used to connect storage device 12 to host system 11. For example, connection interface 121 may support embedded multi-media card (eMMC), universal flash storage (UFS), peripheral component interconnect express (PCI Express), non-volatile memory express (NVM express), Serial Advanced Technology Attachment (SATA), universal serial bus (USB), or other types of connection interface standards. Therefore, storage device 12 can communicate with host system 11 (e.g., exchange signals, instructions, and / or data) via connection interface 121.

[0019] Memory module 122 is used to store data. For example, memory module 122 may include one or more rewritable non-volatile memory modules. Each rewritable non-volatile memory module may include one or more memory cell arrays. The memory cells in the memory cell array store data in the form of voltage (also known as threshold voltage). For example, memory module 122 may include a Single Level Cell (SLC) NAND flash memory module, a Multi Level Cell (MLC) NAND flash memory module, a Triple Level Cell (TLC) NAND flash memory module, a Quad Level Cell (QLC) NAND flash memory module, and / or other memory modules with the same or similar characteristics.

[0020] Memory controller 123 is connected to connection interface 121 and memory module 122. Memory controller 123 can be considered the control core of storage device 12 and is used to control storage device 12. For example, memory controller 123 can be used to control or manage the overall or partial operation of storage device 12. For example, memory controller 123 may include a central processing unit (CPU), or other programmable general-purpose or special-purpose microprocessor, digital signal processor (DSP), programmable controller, application-specific integrated circuit (ASIC), programmable logic device (PLD), or other similar device or combination of these devices. In one embodiment, memory controller 123 may include flash memory controller.

[0021] The memory controller 123 can send instruction sequences to the memory module 122 to access the memory module 122. For example, the memory controller 123 can send a write instruction sequence to the memory module 122 to instruct the memory module 122 to store data in a specific memory cell. For example, the memory controller 123 can send a read instruction sequence to the memory module 122 to instruct the memory module 122 to read data from a specific memory cell. For example, the memory controller 123 can send an erase instruction sequence to the memory module 122 to instruct the memory module 122 to erase data stored in a specific memory cell. Furthermore, the memory controller 123 can also send other types of instruction sequences to the memory module 122 to instruct the memory module 122 to perform other types of operations; this invention is not limited thereto. The memory module 122 can receive instruction sequences from the memory controller 123 and access its internal memory cells according to these instruction sequences.

[0022] Figure 2 is a schematic diagram of a memory controller according to an embodiment of the present invention. Referring to Figures 1 and 2, the memory controller 123 includes a host interface 21, a memory interface 22, and a memory control circuit 23. The host interface 21 is used to connect to a host system 11 via the connection interface 121 for communication with the host system 11. The memory interface 22 is used to connect to a memory module 122 for access to the memory module 122.

[0023] Memory control circuitry 23 is connected to host interface 21 and memory interface 22. Memory control circuitry 23 can be used to control or manage the overall or partial operation of memory controller 123. For example, memory control circuitry 23 can communicate with host system 11 via host interface 21 and access memory module 122 via memory interface 22. For example, memory control circuitry 23 may include control circuitry such as embedded controllers or microcontrollers. In the following embodiments, the description of memory control circuitry 23 is equivalent to the description of memory controller 123.

[0024] In one embodiment, the memory controller 123 may further include a buffer memory 24. The buffer memory 24 is connected to the memory control circuitry 23 and is used to cache data. For example, the buffer memory 24 may be used to cache instructions from the host system 11, data from the host system 11, and / or data from the memory module 122.

[0025] In one embodiment, the memory controller 123 may further include a decoding circuit 25. The decoding circuit 25 is connected to the memory control circuit 23 and is used to encode and decode data to ensure data integrity. For example, the decoding circuit 25 may support various encoding / decoding algorithms such as Low Density Parity Check code (LDPC code), BCH code, Reed-solomon code (RS code), and Exclusive OR (XOR) code.

[0026] In one embodiment, the memory controller 123 may further include an encryption circuit 26. The encryption circuit 26 is connected to the memory control circuit 23 and is used to encrypt and decrypt data to ensure data confidentiality. For example, after a certain data (also referred to as first data) is encrypted by the encryption circuit 26, it can form ciphertext corresponding to the first data. After this ciphertext is decrypted by the encryption circuit 26, the plaintext (i.e., the first data) corresponding to this ciphertext can be restored.

[0027] In one embodiment, the encryption circuit 26 may support symmetric encryption algorithms, asymmetric encryption algorithms, or other types of encryption / decryption algorithms. For example, symmetric encryption algorithms may include AES (Advanced Encryption Standard)-256, while asymmetric encryption algorithms may include RSA (Rivest-Shamir-Adleman), and the invention is not limited thereto. In one embodiment, the memory controller 123 may also include other types of circuit modules (e.g., power management circuits), and the invention is not limited thereto.

[0028] Figure 3 is a schematic diagram of a memory management module according to an embodiment of the present invention. Referring to Figures 1 to 3, the memory module 122 includes a plurality of physical units 301(1) to 301(B). Each physical unit includes a plurality of storage cells for non-volatile storage of data.

[0029] In one embodiment, an entity unit may include one or more entity erasure units. Furthermore, an entity unit may include multiple entity sub-units. For example, an entity sub-unit may include one or more entity programming units.

[0030] In one embodiment, an entity programming unit may include multiple entity sectors. For example, the data capacity of an entity sector may be 512 bytes (B), and an entity programming unit may include 32 entity sectors. However, the data capacity of an entity sector and / or the total number of entity sectors included in an entity programming unit can be adjusted according to practical needs, and the present invention is not limited thereto. In one embodiment, an entity programming unit may be considered as an entity page. For example, the storage capacity of an entity programming unit may be 16 kilobytes, and the present invention is not limited thereto.

[0031] In one embodiment, a physical programming unit is the smallest unit of synchronously written data in memory module 122. For example, when performing a programming operation (also called a write operation) on a physical programming unit to write data to that physical programming unit, multiple memory cells in that physical programming unit can be synchronously programmed to store the corresponding data. For example, when programming a physical programming unit, a write voltage can be applied to that physical programming unit to change the threshold voltage of at least some of the memory cells in that physical programming unit. For example, the threshold voltage of a memory cell may reflect the bit data stored in that memory cell.

[0032] In one embodiment, a physical erase unit may include multiple physical programmed units. The multiple physical programmed units in a physical erase unit can be erased synchronously. For example, when performing an erase operation on a physical erase unit, an erase voltage can be applied to the multiple physical programmed units in this physical erase unit to change the threshold voltage of at least some of the memory cells in these physical programmed units. By performing an erase operation on a physical erase unit, the data stored in this physical erase unit can be erased.

[0033] In one embodiment, the memory control circuit 23 can logically associate entity units 301(1) to 301(A) and 301(A+1) to 301(B) with the data area 31 and the idle area 32, respectively. Entity units 301(1) to 301(A) in the data area 31 all store data (also called user data) from the host system 11. For example, any entity unit in the data area 31 can store valid data and / or invalid data. In addition, entity units 301(A+1) to 301(B) in the idle area 32 do not store any data (e.g., valid data).

[0034] In one embodiment, if a certain entity unit does not store valid data, this entity unit can be associated with the free area 32. Furthermore, entity units in the free area 32 can be erased to clear the data in that entity unit. In one embodiment, entity units in the free area 32 are also referred to as idle entity units. In one embodiment, the free area 32 is also referred to as the free pool.

[0035] In one embodiment, when data needs to be stored, the memory control circuit 23 can select one or more physical units from the idle area 32 and instruct the memory module 122 to store the data into the selected physical units. After the data is stored into this physical unit, this physical unit can be associated with the data area 31. In other words, one or more physical units can be used alternately between the data area 31 and the idle area 32.

[0036] In one embodiment, the memory control circuit 23 may be configured with a plurality of logic units 302(1) to 302(C) to map physical units (i.e., physical units 301(1) to 301(A)) in the data area 31. For example, a logic unit may correspond to a logical block address (LBA) or other logical management unit. A logic unit may be mapped to one or more physical units.

[0037] In one embodiment, if a physical unit is currently mapped by any logical unit, the memory control circuit 23 can determine that the data currently stored in this physical unit includes valid data. Conversely, if a physical unit is not currently mapped by any logical unit, the memory control circuit 23 can determine that this physical unit does not currently store any valid data.

[0038] In one embodiment, the memory control circuit 23 may record the mapping relationship between logic units and physical units in at least one management table (also known as a logic-to-physical mapping table). In one embodiment, the memory control circuit 23 may instruct the memory module 122 to perform operations such as data reading, writing, or erasing based on the information in this management table (i.e., the logic-to-physical mapping table).

[0039] In one embodiment, the memory control circuit 23 may send a read instruction sequence to the memory module 122. The read instruction sequence may be used to instruct the memory module 122 to read at least one physical unit (also referred to as a first physical unit). For example, the first physical unit may include at least one of the physical units 301(1) to 301(A) of FIG. 3. Based on the read result of the memory module 122, the memory control circuit 23 may obtain read data corresponding to the read instruction sequence from the memory module 122. For example, assuming the first physical unit is physical unit 301(i) of FIG. 3, the read data may reflect the read result of the memory module 122 on physical unit 301(i).

[0040] In one embodiment, after acquiring the read data, the memory control circuit 23 can perform error detection on the read data. The error detection is used to obtain error rate information of the read data. The error rate information can reflect the bit error rate (BER) of the read data. For example, the error rate information (i.e., the bit error rate) can reflect that approximately a few error bits exist in a preset amount of read data.

[0041] It should be noted that the error detection can be performed by the memory control circuit 23 or by the memory control circuit 23 in conjunction with the decoding circuit 25. However, in one embodiment, the error detection does not include error correction of the read data by the decoding circuit 25. For example, the error correction is used to correct errors (i.e., erroneous bits) in the read data.

[0042] That is, in one embodiment, the memory control circuit 23 can perform error detection on the read data without performing error correction on the read data, in order to obtain the error rate information. This saves power consumption of the storage device 12.

[0043] In one embodiment, after obtaining the error rate information, the memory control circuit 23 can generate password information based on the error rate information. Taking the AES-256 encryption algorithm as an example, the password information may include private key information and initialization sequence information. The private key information may contain information about the key used to perform encryption in the AES-256 encryption algorithm. The initialization sequence information may contain information about the initialization sequence (also known as the initialization vector) used to perform encryption in the AES-256 encryption algorithm. It should be noted that the content of the password information may vary depending on the encryption algorithm, and this invention does not impose any limitations.

[0044] In one embodiment, after obtaining the password information, the encryption circuit 26 can encrypt the data (also referred to as the original data) according to the password information to generate encrypted data corresponding to the original data. Taking the AES-256 encryption algorithm as an example, the encryption circuit 26 can encrypt the original data based on the AES-256 encryption algorithm according to the password information to generate the encrypted data. It should be noted that the encryption circuit 26 can also use other encryption algorithms to encrypt the original data, and this invention is not limited thereto.

[0045] In one embodiment, after acquiring the encrypted data, the memory control circuit 23 may send a write instruction sequence to the memory module 122. The write instruction sequence may be used to instruct the memory module 122 to store the encrypted data into at least one physical unit (also referred to as a second physical unit). For example, assuming the first physical unit is physical unit 301(i) of FIG. 3, the second physical unit may be physical unit 301(j) of FIG. 3, and i is different from j. Alternatively, in one embodiment, i may be equal to j.

[0046] It should be noted that in the foregoing embodiments, the correctness (or bit error rate) of each piece of data read from the first physical unit is affected by the current operating state of the memory module 122. For example, the operating state includes the read voltage applied to the first physical unit, the duration of the applied read voltage, the critical voltage distribution of the multiple memory cells in the first physical unit, the ambient temperature, and / or the clock frequency, and the type of operating state is not limited to these. Therefore, at different points in time, the read results for the first physical unit may differ based on the current operating state of the memory module 122. Consequently, compared to traditional pseudo-random number generators (PRNGs) and / or true random number generators (TRNGs), the bit error rate of the read results can more closely approximate true randomness (i.e., cannot be accurately predicted).

[0047] In one embodiment, obtaining the password information based on the bit error rate of the read data and encrypting the original data based on the password information can improve the shortcomings of pseudo-random number generators (PRNGs) and / or true random number generators (TRNGs), such as the generated random numbers not being random enough or even having patterns, thereby improving the efficiency of subsequent data encryption and increasing the difficulty of cracking the encrypted data. Thus, the data storage security of the storage device 12 can be effectively improved.

[0048] In one embodiment, after obtaining the error rate information, the memory control circuit 23 can perform information processing (also referred to as first information processing) on ​​the error rate information to obtain reference information (also referred to as first reference information). Specifically, the first reference information can conform to a preset data format, and the preset data format matches the encryption algorithm used to generate the password information. For example, assuming the encryption algorithm is AES-256, the preset data format can match the AES-256 encryption algorithm. For example, the preset data format can be used to standardize the data length of the first reference information to a preset length to meet the subsequent computational requirements for the AES-256 encryption algorithm. Then, the memory control circuit 23 can generate the password information based on the first reference information.

[0049] Figure 4 is a schematic diagram illustrating the generation of cryptographic information according to an embodiment of the present invention. Referring to Figure 4, the memory control circuit 23 can obtain error rate information 41. For example, the error rate information 41 may reflect the bit error rate of the read data read from the first physical unit. For example, the error rate information 41 may include a numerical value or data sequence to reflect the bit error rate of the read data.

[0050] After obtaining the error rate information 41, the memory control circuit 23 can perform information processing 401 (i.e., first information processing) on ​​the error rate information 41 to obtain reference information 42 (i.e., first reference information). For example, in information processing 401, the memory control circuit 23 can perform logarithmic operations (e.g., natural logarithm), absolute value operations, extracting at least a portion of the value after the decimal point, removing at least a portion of the value after the decimal point, numerical unit transformation, polynomial operations, hash operations, or other custom processing on the error rate information 41. The specific operational details of information processing 401 can be set according to the encryption algorithm used, and this invention is not limited thereto. Based on the result of information processing 401, the memory control circuit 23 can obtain the reference information 42. Similar to the error rate information 41, the reference information 42 can approach a truly random number (i.e., cannot be accurately predicted).

[0051] In one embodiment, after obtaining the reference information 42, the memory control circuit 23 can generate password information 43 based on the reference information 42. For example, taking the AES-256 encryption algorithm as an example, the password information 43 may include key information 431 and initialization sequence information 432.

[0052] In one embodiment, the memory control circuit 23 may perform a data conversion (also referred to as a first data conversion) 411 on the reference information 42 to obtain key information 431. For example, the key information 431 may carry information about the key used to perform encryption in the encryption algorithm used by the encryption circuit 26. Furthermore, the memory control circuit 23 may perform another data conversion (also referred to as a second data conversion) 412 on the reference information 42 to obtain initialization sequence information 432. For example, the initialization sequence information 432 may carry information about the initialization sequence (or initialization vector) used to perform encryption in the encryption algorithm used by the encryption circuit 26.

[0053] In one embodiment, the data format (e.g., data length) of the key information 431 may differ from the data format (e.g., data length) of the initialization sequence information 432. For example, taking the AES-256 encryption algorithm, the data lengths of the key information 431 and the initialization sequence information 432 used in the AES-256 encryption algorithm may be "256" bits and "128" bits, respectively. However, the data formats of the key information 431 and / or the initialization sequence information 432 can be adjusted according to practical needs, and the present invention does not impose any limitations on them.

[0054] It should be noted that in the embodiment of FIG4, information processing 401, first data conversion 411, and second data conversion 412 can all be set or configured according to the encryption algorithm used by encryption circuit 26. Thus, information processing 401, first data conversion 411, and second data conversion 412 can be used to generate reference information 42, key information 431, and initialization sequence information 432 that match the encryption algorithm used by encryption circuit 26, respectively.

[0055] In one embodiment, the memory control circuit 23 may also acquire time information. The time information may reflect the average execution time of an erase operation on multiple physical units in the memory module 122. For example, the execution time of an erase operation performed on a single physical unit refers to the time elapsed from the start of the erase operation on that physical unit until the erase operation ends or is completed. The memory control circuit 23 can then generate the password information based on the error rate information and the time information.

[0056] In one embodiment, the execution time of each erase operation performed by the memory module 122 is affected by the current operating state of the memory module 122. For example, the operating state includes the applied erase voltage, the duration of the applied erase voltage, the critical voltage distribution of the erased memory cells, ambient temperature, and / or clock frequency, and the type of operating state is not limited to these. Therefore, at different points in time, the execution time of the erase operation may also differ based on the current operating state of the memory module 122.

[0057] In one embodiment, by combining the error rate information with the time information to generate the password information, the randomness of the password information can be further improved, thereby increasing the efficiency of subsequent data encryption and the difficulty of cracking the encrypted data. This can more effectively improve the data storage security of the storage device 12.

[0058] In one embodiment, the memory control circuit 23 may perform an erase operation on at least one of a plurality of physical cells in the memory module 122. For example, in an erase operation performed on physical cell 301(k) of FIG. 3, the memory module 122 may apply an erase voltage to each memory cell (or physical sub-cell) in physical cell 301(k). This erase operation (or the applied erase voltage) may be used to erase data stored in physical cell 301(k). Furthermore, in response to the performed erase operation, the memory control circuit 23 may update the time information.

[0059] In one embodiment, the memory control circuit 23 continuously monitors the usage status of the memory module 122 to obtain the total execution time of the erase operation performed on each physical unit in the memory module 122. Then, the memory control circuit 23 can obtain (or update) the time information based on the total number of physical units in the memory module 122 and the total execution time. Thus, the obtained or updated time information can reflect the average execution time of the erase operation on the plurality of physical units in real time.

[0060] In one embodiment, it is assumed that at a certain point in time, the total execution time of the erase operation performed on multiple physical units in the memory module 122 is "22451 microseconds (µs)," and the total number of physical units in the memory module 122 is "1727." The memory control circuit 23 can obtain (or update) the time information based on the total execution time (i.e., "22451 microseconds") and the total number of physical units (i.e., "1727"). For example, the obtained or updated time information may reflect that the average execution time of the aforementioned erase operation on the multiple physical units is "374.183333333333333333333 seconds."

[0061] In one embodiment, after obtaining the time information, the memory control circuit 23 can perform information processing (also referred to as second information processing) on ​​the time information to obtain reference information (also referred to as second reference information). Similar to the first reference information, the second reference information also conforms to the preset data format. Taking the AES-256 encryption algorithm as an example, the preset data format can be used to standardize the data length of the second reference information to a preset length to meet the subsequent computational requirements of the AES-256 encryption algorithm. Then, the memory control circuit 23 can generate the password information based on the first reference information and the second reference information. This further improves the randomness of the password information.

[0062] Figure 5 is a schematic diagram illustrating the generation of cryptographic information according to an embodiment of the present invention. Referring to Figure 5, after obtaining the error rate information 41, the memory control circuit 23 can perform information processing 401 on the error rate information 41 to obtain reference information 42. Related operational details can be found in the embodiment of Figure 4, and will not be repeated here.

[0063] In one embodiment, the memory control circuit 23 may acquire time information 51. For example, the time information 51 may reflect the average execution time of the erase operation for the plurality of physical units. For example, this average execution time may be obtained based on the total execution time of at least one erase operation performed on the plurality of physical units in the past and the total number of the plurality of physical units (e.g., by dividing the total execution time by the total number). For example, the time information 51 may include a numerical value or data sequence to reflect the average execution time.

[0064] After obtaining time information 51, the memory control circuit 23 can perform information processing 501 (i.e., second information processing) on ​​the time information 51 to obtain reference information 52 (i.e., second reference information). For example, in information processing 501, the memory control circuit 23 can perform operations on the time information 51 such as extracting at least a portion of the value after the decimal point, removing at least a portion of the value after the decimal point, numerical unit transformation, polynomial operation, hash operation, or other custom processing. The specific operational details of information processing 501 can be set according to the encryption algorithm used, and the present invention is not limited thereto. Based on the result of information processing 501, the memory control circuit 23 can obtain reference information 52. For example, assuming that time information 51 includes "374.18333333333333333333 (seconds)", then after extracting at least a portion of the value after the decimal point from the time information 51, reference information 52 may include "183333333333333333333". Similar to time information 51, reference information 52 can approximate a true random number (i.e., cannot be accurately predicted).

[0065] In one embodiment, after obtaining reference information 42 and 52, the memory control circuit 23 can perform a scrambling process 502 on the reference information 42 and 52 to obtain reference information 53 (i.e., third reference information). For example, in the scrambling process 502, the memory control circuit 23 can perform an XOR operation on the data sequence in reference information 42 (also referred to as the first data sequence) and the data sequence in 52 (also referred to as the second data sequence) to obtain reference information 53. Reference information 53 can reflect the result of the XOR operation. For example, the data sequence in reference information 53 (also referred to as the third data sequence) can include multiple bits. Each bit in reference information 53 can reflect the result of performing the XOR operation on the corresponding bit in reference information 42 and 52. It should be noted that the scrambling process 502 can also include logical addition or other types of logical operations, which are not limited by this invention. Thus, the randomness of the cryptographic information can be further improved.

[0066] After obtaining reference information 53, the memory control circuit 23 can generate password information 54 based on reference information 53. It should be noted that the operational details of generating password information 54 based on reference information 53 can be found in the description of generating password information 43 based on reference information 42 in the embodiment of Figure 4, or can be adjusted according to practical needs, and the present invention is not limited thereto.

[0067] In one embodiment, as long as there is continuous data writing, erasure of physical units, and / or rotation of physical units within the memory module 122, the error rate information and / or the time information will continuously undergo unexpected changes, causing the subsequently generated password information based on the error rate information and / or the time information to also continuously undergo unexpected changes. This effectively increases the randomness of the generated password information and the difficulty of cracking the encrypted data. Therefore, the data storage security of the storage device 12 can be effectively improved.

[0068] In one embodiment, before storing the encrypted data in the second physical unit, the memory control circuit 23 may encode the encrypted data with an Error Correction Code (ECC) to generate error correction data. The error correction data can be used to correct errors (i.e., error bits) in the encrypted data. For example, the error correction data may carry error correction information (e.g., an error correction code) corresponding to the encrypted data.

[0069] In one embodiment, after obtaining the encrypted data and the error correction data, the memory control circuit 23 can store the encrypted data in a data area of ​​a sub-unit (also referred to as the first sub-unit) within the second entity unit. For example, the first sub-unit may include at least one entity programming unit within the second entity unit. Furthermore, the memory control circuit 23 can store the password information and the error correction data in a spare area within the first sub-unit.

[0070] In one embodiment, the memory control circuit 23 can read the encrypted data from the data area in the first physical subunit. Furthermore, the memory control circuit 23 can read the error correction data and the password information from the idle area in the first physical subunit. Then, the memory control circuit 23 can restore the encrypted data to the original data based on the error correction data and the password information. For example, the decoding circuit 25 can decode the encrypted data read from the data area based on the error correction data to attempt to correct errors in the read encrypted data. Then, the encryption circuit 26 can decrypt the corrected encrypted data based on the password information to restore the original data.

[0071] In one embodiment, the memory control circuit 23 can also detect system events. The system events may include at least one of power-on events, power-on events, and other types of custom events. For example, the custom events may include the usage status of the storage device 12 or memory module 122 meeting specific conditions (e.g., the read count, write count, and / or erase count of memory module 122 reaching a critical value), etc., which is not limited by this invention. When the system event is detected, in response to the system event, the memory control circuit 23 may send the read instruction sequence to the memory module 122 to obtain the read data. Subsequently, the memory control circuit 23 may perform subsequent operations based on the read data. The relevant operational details have been described above and will not be repeated here. However, if the system event is not detected, the memory control circuit 23 may not send the read instruction sequence to the memory module 122 to save system resources.

[0072] In one embodiment, the memory control circuit 23 may also predetermine a plurality of physical units (also referred to as candidate physical units) in the memory module 122. For example, the plurality of candidate physical units may be distributed in different memory regions in the memory module 122. For example, the memory regions may include at least one of the wafer, chip enabled (CE) region, and plane in the memory module 122.

[0073] In one embodiment, before sending the read instruction sequence to the memory module to obtain the read data, the memory control circuit 23 may select one of the plurality of candidate entity units as the first entity unit according to a rotation or other customized method. For example, the customized method may include selecting one of the non-adjacent entity units as the first entity unit each time, etc., which is not limited by the present invention. After determining the first entity unit, the memory control circuit 23 may send the read instruction sequence to the memory module to obtain the read data.

[0074] In one embodiment, by distributing the plurality of candidate entity units among different components of the memory module 122 (e.g., different wafers, different chip enable (CE) regions, and different planes), the randomness of the subsequently generated cryptographic information can be reduced due to excessive data reading from a single or small portion of the memory module 122.

[0075] Figure 6 is a flowchart of a memory management method according to an embodiment of the present invention. Referring to Figure 6, in step S601, a read instruction sequence is sent to the memory module to instruct the memory module to read the first physical unit. In step S602, read data corresponding to the read instruction sequence is obtained from the memory module. In step S603, error detection is performed on the read data to obtain error rate information of the read data. The error rate information reflects the bit error rate of the read data. In step S604, password information is generated based on the error rate information. In step S605, the original data is encrypted based on the password information to generate encrypted data corresponding to the original data. In step S606, a write instruction sequence is sent to the memory module to instruct the memory module to store the encrypted data in the second physical unit.

[0076] Figure 7 is a flowchart illustrating a memory management method according to an embodiment of the present invention. Referring to Figure 7, in step S701, time information is obtained, wherein the time information reflects the average execution time of the erase operation for multiple physical units. In step S702, the password information is generated based on the error rate information and the time information.

[0077] However, the steps in Figures 6 and 7 have been described in detail above and will not be repeated here. It is worth noting that each step in Figures 6 and 7 can be implemented as multiple program codes or circuits, and this invention is not limited thereto. Furthermore, the methods in Figures 6 and 7 can be used in conjunction with the above exemplary embodiments, or they can be used alone, and this invention is not limited thereto.

[0078] In summary, the memory management method and storage device proposed in this invention can generate encryption information based on error rate information and / or time information. For example, based on the error rate information and / or the time information, minute changes in the current operating state of the memory module can be reflected in the encryption information to improve the randomness of the encryption information. This effectively addresses the problem of insufficient randomness in traditional methods of encrypting data, thereby improving the data encryption efficiency and data storage security of the storage device.

[0079] Finally, it should be noted that the above embodiments are only used to illustrate the technical solutions of the present invention, and not to limit them; although the present invention has been described in detail with reference to the foregoing embodiments, those skilled in the art should understand that modifications can still be made to the technical solutions described in the foregoing embodiments, or equivalent substitutions can be made to some or all of the technical features; and these modifications or substitutions do not cause the essence of the corresponding technical solutions to deviate from the scope of the technical solutions of the embodiments of the present invention.

Claims

1. A memory management method, characterized in that, For use in a storage device, wherein the storage device includes a memory module, the memory module includes a plurality of physical units, and the memory management method includes: A read instruction sequence is sent to the memory module to instruct the memory module to read the first entity unit among the plurality of entity units; Retrieve read data corresponding to the read instruction sequence from the memory module; Error detection is performed on the read data to obtain error rate information of the read data, wherein the error rate information reflects the bit error rate of the read data; Based on the error rate information, generate password information; Based on the password information, the original data is encrypted to generate encrypted data corresponding to the original data; and A write instruction sequence is sent to the memory module to instruct the memory module to store the encrypted data into the second entity unit among the plurality of entity units.

2. The memory management method according to claim 1, wherein the error detection does not include error correction of the read data.

3. The memory management method according to claim 1, wherein the step of generating the password information based on the error rate information includes: The error rate information is processed by a first information processing step to obtain first reference information, wherein the first reference information conforms to a preset data format and the preset data format matches the encryption algorithm used to generate the password information. as well as The password information is generated based on the first reference information.

4. The memory management method according to claim 1, wherein the step of generating the password information based on the error rate information includes: Obtain time information, wherein the time information reflects the average execution time of the erase operation for the plurality of entity units; as well as The password information is generated based on the error rate information and the time information.

5. The memory management method according to claim 4, further comprising: The erasure operation is performed on at least one of the plurality of entity units; as well as In response to the erase operation, the time information is updated.

6. The memory management method according to claim 4, wherein the step of generating the password information based on the error rate information and the time information includes: The error rate information is processed by a first information processing step to obtain first reference information, wherein the first reference information conforms to a preset data format and wherein the preset data format is matched with the encryption algorithm used to generate the password information. The time information is processed in a second way to obtain second reference information, wherein the second reference information conforms to the preset data format; as well as The password information is generated based on the first reference information and the second reference information.

7. The memory management method according to claim 6, wherein the step of generating the password information based on the first reference information and the second reference information includes: The first reference information and the second reference information are shuffled to obtain the third reference information; as well as The password information is generated based on the third reference information.

8. The memory management method according to claim 1, wherein the step of sending the read instruction sequence to the memory module includes: Detect system events, wherein the system events include at least one of power-on events, power-on events, and custom events; as well as In response to the system event, the read instruction sequence is sent to the memory module.

9. The memory management method according to claim 1, further comprising: Multiple candidate entity units are pre-determined among the plurality of entity units; and Before sending the read instruction sequence to the memory module, one of the multiple candidate entity units is selected as the first entity unit according to a rotation or custom method.

10. The memory management method of claim 9, wherein the plurality of candidate entity units are distributed in different memory regions of the memory module, and the memory regions include at least one of a wafer, a chip enable region, and a plane.

11. A storage device, characterized in that, include: A connection interface used to connect to the host system; Memory module; as well as The memory controller is connected to the connection interface and the memory module. The memory module comprises multiple physical units, and the memory controller is used to: A read instruction sequence is sent to the memory module to instruct the memory module to read the first entity unit among the plurality of entity units; Retrieve read data corresponding to the read instruction sequence from the memory module; Error detection is performed on the read data to obtain error rate information of the read data, wherein the error rate information reflects the bit error rate of the read data; Based on the error rate information, generate password information; Based on the password information, the original data is encrypted to generate encrypted data corresponding to the original data; as well as A write instruction sequence is sent to the memory module to instruct the memory module to store the encrypted data into the second entity unit among the plurality of entity units.

12. The storage device of claim 11, wherein the error detection does not include error correction of the read data.

13. The storage device of claim 11, wherein the operation of the memory controller generating the password information based on the error rate information includes: The error rate information is processed by a first information processing step to obtain first reference information, wherein the first reference information conforms to a preset data format. as well as The password information is generated based on the first reference information.

14. The storage device of claim 11, wherein the operation of the memory controller generating the password information based on the error rate information includes: Obtain time information, wherein the time information reflects the average execution time of the erase operation for the plurality of entity units; as well as The password information is generated based on the error rate information and the time information.

15. The storage device of claim 14, wherein the memory controller is further configured to: The erasure operation is performed on at least one of the plurality of entity units; and In response to the erase operation, the time information is updated.

16. The storage device of claim 14, wherein the operation of the memory controller generating the password information based on the error rate information and the time information includes: The error rate information is processed by a first information processing step to obtain first reference information, wherein the first reference information conforms to a preset data format and wherein the preset data format is matched with the encryption algorithm used to generate the password information. The time information is processed in a second way to obtain second reference information, wherein the second reference information conforms to the preset data format; as well as The password information is generated based on the first reference information and the second reference information.

17. The storage device of claim 16, wherein the operation of the memory controller generating the password information based on the first reference information and the second reference information includes: A shuffling operation is performed on the first reference information and the second reference information to obtain the third reference information; as well as The password information is generated based on the third reference information.

18. The storage device of claim 11, wherein the operation of the memory controller sending the read instruction sequence to the memory module includes: Detect system events, wherein the system events include at least one of power-on events, power-on events, and custom events; as well as In response to the system event, the read instruction sequence is sent to the memory module.

19. The storage device of claim 11, wherein the memory controller is further configured to: Multiple candidate entity units are pre-determined among the plurality of entity units; and Before sending the read instruction sequence to the memory module, one of the multiple candidate entity units is selected as the first entity unit according to a rotation or custom method.

20. The storage device of claim 19, wherein the plurality of candidate entity units are distributed in different memory regions of the memory module, and the memory regions include at least one of a wafer, a chip enable region, and a plane.