Card opening device and method for verifying and starting data storage device by using card opening device

Document number: 1521152 Publication date: 2020-02-11

Reading note: this technology, "Card opening device and method for verifying and starting data storage device by using card opening device", was designed by 王德凯 and 黄兴郎 on 2019-05-27. Main content: The invention relates to a card opening device, and a method for verifying and enabling a data storage device by using the card opening device. The card opening device is used to verify and enable the data storage device and comprises a first control unit coupled to the data storage device through a first interface, and a central control unit coupled to the first control unit through a system bus line. The central control unit responds to a first control command received from the electronic device and provides first verification data to the first control unit through the system bus line, and the first control unit transmits the first verification data to the data storage device through the first interface. After the first verification data is transmitted to the data storage device, the central control unit responds to a second control command received from the electronic device and provides second verification data to the first control unit through the system bus line, and the first control unit transmits the second verification data to the data storage device through the first interface. After the second verification data is transmitted, the card-opening device enters a full-locking stage under the control of the central control unit. In the full-locking stage, the central control unit executes the verification procedure of the data storage device, and the central control unit is not allowed to transmit any data to the data storage device before it determines that the data storage device passes the verification procedure.

1. A card opening device for authenticating and enabling a data storage device, comprising:

a first control unit coupled to the data storage device through a first interface; and

a central control unit coupled to the first control unit through a system bus line,

wherein the central control unit responds to a first control command received from an electronic device to provide first verification data to the first control unit through the system bus line, and the first control unit transmits the first verification data to the data storage device through the first interface,

after the first verification data is transmitted to the data storage device, the central control unit responds to a second control command received from the electronic device to provide second verification data to the first control unit through the system bus line, and the first control unit transmits the second verification data to the data storage device through the first interface, and

after the second verification data is transmitted, the card opening device enters a full locking stage under the control of the central control unit, and in the full locking stage, the central control unit executes a verification procedure of the data storage device, and before the central control unit determines that the data storage device passes the verification procedure, the central control unit is not allowed to transmit any data to the data storage device.

2. The card opening device of claim 1, wherein the card opening device is controlled by the central control unit to enter a first locking phase after the card opening device is powered, the central control unit being only allowed to perform data transfer to the data storage device at most a first predetermined number of times during the first locking phase.

3. The card opening device of claim 2, wherein after the first verification data is transmitted to the data storage device, the card opening device enters a second locking phase under control of the central control unit, the central control unit being only allowed to perform data transfer to the data storage device at most a second predetermined number of times during the second locking phase.

4. The card opening device of claim 1, wherein after determining that the data storage device passes the verification procedure, the card opening device enters an unlocking stage under control of the central control unit, and in the unlocking stage, the central control unit provides a device firmware received from the electronic device to the first control unit through the system bus line in response to a third control command received from the electronic device, and the first control unit transmits the device firmware to the data storage device through the first interface to enable the data storage device.

5. The card opening device of claim 1, wherein the first verification data includes a program code for generating encrypted data.

6. The card opening device of claim 1, wherein the second verification data comprises a key selected by the electronic device and an encryption method, the central control unit receives the second verification data from the electronic device, and in the verification procedure, the central control unit further calculates a first encrypted key using the key and the encryption method, receives a second encrypted key from the data storage device, compares whether the first encrypted key and the second encrypted key are the same, and determines that the data storage device passes the verification procedure when the first encrypted key and the second encrypted key are the same.

7. The card opening device of claim 1, wherein the second verification data comprises an encrypted key and a corresponding encryption/decryption method, and in the verification procedure, the central control unit further receives a decrypted key from the data storage device, compares whether a key received from the electronic device is the same as the decrypted key, and determines that the data storage device passes the verification procedure when the key is the same as the decrypted key.

8. The card opening device of claim 1, wherein the first interface is a UFS interface.

9. A method of authenticating and enabling a data storage device with a card-opening device, comprising:

transmitting first verification data to the data storage device in response to a first control instruction received from an electronic device;

after the first verification data is transmitted to the data storage device, transmitting second verification data to the data storage device in response to a second control command received from the electronic device;

after the transmission of the second verification data is executed, controlling the card opening device to operate in a full locking stage, wherein in the full locking stage, before the card opening device determines that the data storage device passes a verification procedure, data transmission is not allowed between the card opening device and the data storage device;

executing the verification procedure of the data storage device to determine whether the data storage device passes the verification procedure;

after the data storage device passes the verification procedure, controlling the card opening device to operate in an unlocking stage; and

in the unlocking stage, the card opening device receives a third control instruction and device firmware of the data storage device from the electronic device, and transmits the device firmware to the data storage device in response to the third control instruction so as to enable the data storage device.

10. The method of claim 9, further comprising:

after the card opening device is powered on, controlling the card opening device to operate in a first locking stage, wherein in the first locking stage, the card opening device is only allowed to perform data transmission to the data storage device at most a first predetermined number of times.

11. The method of claim 10, further comprising:

after the first verification data is transmitted to the data storage device, controlling the card opening device to operate in a second locking stage, wherein in the second locking stage, the card opening device is only allowed to perform data transmission to the data storage device at most a second predetermined number of times.

12. The method of claim 9, wherein the first verification data includes a program code for generating encrypted data.

13. The method of claim 9, wherein the second verification data includes a key selected by the electronic device and an encryption method, and wherein the step of executing the verification procedure of the data storage device to determine whether the data storage device passes the verification procedure further comprises:

calculating a first encrypted key using the key and the encryption method;

receiving a second encrypted key from the data storage device;

comparing whether the first encrypted key and the second encrypted key are the same; and

determining that the data storage device passes the verification procedure when the first encrypted key is the same as the second encrypted key.

14. The method of claim 9, wherein the second verification data comprises an encrypted key and a corresponding encryption/decryption method, and wherein the step of executing the verification procedure of the data storage device to determine whether the data storage device passes the verification procedure further comprises:

receiving a decrypted key from the data storage device;

comparing whether a key received from the electronic device is the same as the decrypted key received from the data storage device; and

determining that the data storage device passes the verification procedure when the decrypted key is the same as the key.

15. The method of claim 9, wherein the data storage device is a UFS device.

Technical Field

The present invention relates to a device and method for enabling a data storage device, and more particularly, to a method for verifying and enabling a data storage device by using a card-opening device.

Background

As the technology of data storage devices has grown rapidly in recent years, many data storage devices, such as memory cards conforming to the Secure Digital Memory Card (SD)/Multimedia Memory Card (MMC) specification, CF specification, MS specification and XD specification, solid state drives, embedded Multimedia Memory Cards (eMMC) and Universal Flash Storage (UFS), have been widely used for various purposes.

Generally, in the mass production phase of the data storage device, the device firmware is loaded to enable the data storage device. The device firmware is usually designed according to customer requirements, and therefore it is usually not pre-written into the internal memory device during chip packaging, but is loaded only during mass production. In order to load device firmware more efficiently and more securely, a novel apparatus and method for enabling a data storage device is needed.

Disclosure of Invention

According to an embodiment of the present invention, a card opening device for verifying and enabling a data storage device includes a first control unit and a central control unit. The first control unit is coupled to the data storage device through a first interface. The central control unit is coupled to the first control unit through a system bus line. The central control unit responds to a first control command received from an electronic device and provides first verification data to the first control unit through the system bus line, and the first control unit transmits the first verification data to the data storage device through the first interface. After the first verification data is transmitted to the data storage device, the central control unit responds to a second control command received from the electronic device to provide second verification data to the first control unit through the system bus line, and the first control unit transmits the second verification data to the data storage device through the first interface. After the second verification data is transmitted, the card-opening device enters a full-locking stage under the control of the central control unit. In the full-locking stage, the central control unit executes a verification procedure of the data storage device, and before the central control unit determines that the data storage device passes the verification procedure, the central control unit is not allowed to transmit any data to the data storage device.

According to an embodiment of the present invention, a method for verifying and enabling a data storage device using a card-opening device includes: transmitting first verification data to the data storage device in response to a first control command received from an electronic device; after the first verification data is transmitted to the data storage device, transmitting second verification data to the data storage device in response to a second control command received from the electronic device; after the transmission of the second verification data is executed, controlling the card-opening device to operate in a full-locking stage, wherein in the full-locking stage, before the card-opening device determines that the data storage device passes a verification procedure, data transmission is not allowed between the card-opening device and the data storage device; executing the verification procedure of the data storage device to determine whether the data storage device passes the verification procedure; after the data storage device passes the verification procedure, controlling the card-opening device to operate in an unlocking stage; and in the unlocking stage, the card-opening device receives a third control command and device firmware of the data storage device from the electronic device, and transmits the device firmware to the data storage device in response to the third control command so as to enable the data storage device.

Drawings

Fig. 1 is a schematic diagram illustrating a data storage device according to an embodiment of the invention.

Fig. 2 is a block diagram illustrating an exemplary card opening device according to an embodiment of the invention.

FIG. 3 is a block diagram illustrating an electronic device system architecture according to an embodiment of the present invention.

FIG. 4 is a flowchart illustrating a method for authenticating and enabling a data storage device using a card-opening device according to an embodiment of the invention.

FIG. 5 is a message flow diagram illustrating the authentication and enabling of a data storage device using a card-opening device according to a first embodiment of the invention.

FIG. 6 is a message flow diagram illustrating the authentication and enabling of a data storage device by a card-opening device according to a second embodiment of the invention.

FIG. 7 is a message flow diagram illustrating the authentication and enabling of a data storage device by a card-opening device according to a third embodiment of the invention.

Description of the symbols

21A-a central control unit;

21B-UFS control unit;

100-a data storage device;

110-a memory controller;

112-a microprocessor;

112M-read only memory;

112C-program code;

114-control logic;

116-a buffer memory;

118-interface logic;

120-a memory device;

130-a host device;

132-an encoder;

134-a decoder;

140-a processor;

200-a card opening device;

210-a main portion;

211-USB physical layer circuit unit;

212-USB MAC layer circuit unit;

213-CPU, central processing unit;

214-ROM, read only memory;

215-DMA device, direct memory access device;

216-SRAM, static random access memory;

217-UFS host controller;

218-UniPRO circuit unit;

219-M-PHY layer circuit unit;

220-SD host controller;

221-eMMC host controller;

222-a system bus bar;

230-a memory device;

Interface_1, Interface_2, Interface_3, Interface_4, Interface_5-interfaces;

Tiny_code-program code.

Detailed Description

In order to make the objects, features and advantages of the present invention comprehensible, specific embodiments accompanied with figures are described in detail below. For the purposes of illustrating the spirit of the present invention and not for limiting the scope of the present invention, it is to be understood that the following embodiments may be implemented via software, hardware, firmware, or any combination thereof.

Fig. 1 is a schematic diagram illustrating a data storage device 100 according to an embodiment of the invention. The data storage device 100 includes a Memory device 120, such as a NAND Flash Memory (NAND Flash Memory) module, and a Memory controller 110, and the Memory controller 110 is used for accessing (Access) the Memory device 120. According to one embodiment of the present invention, the Memory controller 110 includes a microprocessor 112, a Read Only Memory (ROM) 112M, a control logic 114, a buffer 116, and an interface logic 118. The ROM 112M is used for storing a program code 112C, and the microprocessor 112 is used for executing the program code 112C to control access to the memory device 120. The control logic 114 includes an encoder 132 and a decoder 134. The encoder 132 is used for encoding data written into the memory device 120 to generate a corresponding check Code (or Error Correction Code (ECC)). The decoder 134 is used to decode data read from the memory device 120.

Typically, the memory device 120 comprises a plurality of flash memory chips, each of which comprises a plurality of memory blocks (blocks), and the controller (e.g., the memory controller 110 executing the program code 112C via the microprocessor 112) performs erase data operations on the memory device 120 in units of blocks. In addition, a memory block can record (include) a specific number of pages (pages), wherein the controller (e.g., the memory controller 110 executing the program code 112C via the microprocessor 112) writes data to the memory device 120 in units of pages.

In practice, the memory controller 110 executing the program code 112C via the microprocessor 112 can utilize its internal components to perform various control operations, such as: the control logic 114 controls the access operations of the memory Device 120 (particularly, the access operations to at least one block or at least one page of data), the buffer memory 116 performs the required buffering, and the interface logic 118 communicates with a Host Device (Host Device) 130. The buffer Memory 116 is implemented by a Random Access Memory (RAM). For example, the buffer memory 116 may be a Static random access memory (Static RAM, SRAM), but the invention is not limited thereto.

Generally, the host device 130 can issue commands, such as read commands or write commands, to the data storage device 100 to access data stored in the memory device 120, or further control and manage the data storage device 100. The data storage device 100 may be configured as a digital camera, a mobile phone, a consumer electronic device, or the like. In one embodiment, the data storage device 100 can be a portable memory device (e.g., a memory card conforming to SD/MMC, CF, MS, XD standards), and the host device 130 is an electronic device connectable to the data storage device. In another embodiment, the data Storage device 100 may be a solid state drive or an Embedded Storage device conforming to the specification of Universal Flash Storage (UFS) or Embedded Multimedia Memory Card (EMMC) for being disposed in an electronic device, and the host device 130 may be a processor of the electronic device or another electronic device connectable to the data Storage device. Among them, UFS and eMMC are common flash memory specifications at present, and can bring higher data transmission speed and higher reliability to the flash memory.

As described above, in the mass production phase of the data storage device 100, the device firmware is loaded to enable the data storage device 100. Generally, the loading of device firmware can be accomplished through the host device 130 connected to the data storage device 100. In this case, the host device 130 connected to the data storage device 100 may be a card reader or a card opening device.

Fig. 2 is a block diagram illustrating an exemplary card opening device according to an embodiment of the invention. In an embodiment of the invention, the card-opening device 200 may be the host device 130 shown in fig. 1, connected to the data storage device 100 through a predetermined interface, for authenticating the data storage device 100, and loading device firmware required by the data storage device 100 into the data storage device 100 after confirming that the data storage device 100 passes the authentication.

According to an embodiment of the present invention, the card-opening device 200 may include a main portion 210 and an external memory device 230, wherein the external memory device 230 is configured outside the main portion 210. According to an embodiment of the present invention, the card-opening device 200 may include a first interface Interface_1. The card-opening device communicates with the processor 140 via Interface_1 using a standard communication protocol, which may be, for example, Universal Serial Bus (USB), Advanced Technology Attachment (ATA), Serial ATA (SATA), Peripheral Component Interconnect Express (PCI-E), or the like. According to an embodiment of the present invention, the card-opening device 200 may include a USB physical layer circuit unit 211 and a USB Media Access Control (MAC) layer circuit unit 212 for performing data processing of different layers according to the USB communication protocol.

The card-opening device 200 may further include a central control unit 21A. The central control unit 21A includes a Central Processing Unit (CPU) 213, a Read Only Memory (ROM) 214, a Direct Memory Access (DMA) device 215, and a Static Random Access Memory (SRAM) 216. According to an embodiment of the present invention, the card-opening device 200 may include a second interface Interface_2. The card-opening device communicates with the external memory device 230 via Interface_2 using a standard communication protocol, such as Inter-Integrated Circuit Bus (I2C), Serial Peripheral Interface (SPI), or others. The ROM 214 stores boot code, and the external memory device 230 stores In-System Programming (ISP) or In-Circuit Programming (ICP) code. When the card-opening device 200 is powered, the CPU 213 may execute the boot code stored in the ROM 214 to initialize the card-opening device 200, read the ISP code from the external memory device 230 and load it into the SRAM 216, and then execute the ISP code to provide the predetermined functions it implements. The central control unit 21A may communicate with the UFS control unit 21B, the SD control unit and the eMMC control unit via a system bus line 222. The UFS control unit 21B communicates with an external UFS device through a third interface Interface_3, where Interface_3 may be a UFS interface. The SD control unit communicates with an external SD card through a fourth interface Interface_4, where Interface_4 may be an SD interface. The eMMC control unit communicates with an external eMMC card through a fifth interface Interface_5, where Interface_5 may be an eMMC interface.

The UFS control unit 21B may include a UFS host controller 217, a Mobile Industry Processor Interface (MIPI) standardized communication protocol (UniPRO) circuit unit 218, and a MIPI physical (M-PHY) layer circuit unit 219. The UFS host controller 217 may receive commands, such as read/write commands, and data from the CPU 213 via the system bus line 222, and convert the received commands and data into a predetermined format according to the UFS protocol. The UniPRO circuit unit 218 and the M-PHY layer circuit unit 219 are configured to perform data processing of different layers (e.g., data link layer and physical layer) according to the UFS protocol. After format conversion and processing, the commands and data are sent to the external UFS device via Interface_3.

The SD control unit may include an SD host controller 220. The SD host controller 220 may receive commands, such as read/write commands, and data from the CPU 213 via the system bus line 222, and convert the received commands and data into a predetermined format according to the SD protocol. After format conversion and processing, the commands and data are sent to an external SD device via Interface_4. The eMMC control unit may include an eMMC host controller 221. The eMMC host controller 221 may receive commands, such as read/write commands, and data from the CPU 213 via the system bus line 222, and convert the received commands and data into a predetermined format in accordance with the eMMC protocol. After format conversion and processing, the commands and data are sent to the external eMMC device via Interface_5.

FIG. 3 is a block diagram illustrating an electronic device system architecture according to an embodiment of the present invention. The electronic device system may include a data storage device 100, a card opening device 200, and a processor 140. The data storage device 100 may include a memory controller 110 and a memory device 120. The card-opening device 200 and the data storage device 100 can communicate via the predetermined interface, which can be a flash memory interface, such as a UFS interface or an eMMC interface. At this time, the data storage device 100 may be a UFS device or an eMMC device.

According to an embodiment of the present invention, the card-opening device 200 (or the host device 130 described above) may be a hardware device used by the host to enable the data storage device 100. For example, as described above, the card-opening device 200 may verify the data storage device 100 during the mass production stage of the data storage device, and enable the data storage device 100 after verification. The enabling process may also be referred to as a card-opening process, and is used to load the corresponding device firmware into the data storage device 100 to enable the data storage device 100. The card-opening device 200 may communicate with the processor 140 via an interface and using a standard communication protocol, as described above. The processor 140 may be a processor of another electronic device, such as a computer device. According to an embodiment of the present invention, the processor 140 may issue commands for controlling the card-opening process. In response to the commands received from the processor 140, the card-opening device 200 may transmit corresponding commands (e.g., UFS or eMMC commands) and data to the memory controller 110, and receive messages from the memory controller 110.

Referring back to fig. 2, after the card-opening device 200 is powered, the card-opening device 200 enters a first locking stage under the control of the central control unit 21A (e.g., under the control of the central processing unit 213 of the central control unit 21A), according to an embodiment of the present invention. In the first locking phase, the central control unit 21A (or the corresponding card-opening device 200) is only allowed to perform data transmission to the data storage device 100 at most a first predetermined number of times. In addition, the amount of data allowed to be transmitted to the data storage device 100 in the first locking stage may also be limited to not exceed a predetermined amount of data.

The central control unit 21A may receive a first control command and first verification data from the processor 140 (or corresponding electronic device including the processor 140, the same applies below). The first control command instructs the card-opening device 200 to transmit the first verification data to the data storage device 100.

In response to the first control command, the central control unit 21A provides the first verification data to another control unit, for example, the UFS control unit 21B through the system bus line 222, and the UFS control unit 21B performs the corresponding data processing as described above and then transmits the first verification data to the data storage device 100 through the corresponding Interface_3. In this embodiment, the data storage device 100 is a UFS device.

According to an embodiment of the present invention, the first verification data may include a small piece of program code, Tiny_code, for generating encrypted data, which is used to assist the data storage device 100 in generating the corresponding verification response data during the verification procedure.

According to an embodiment of the present invention, after the first verification data is transmitted to the data storage device 100, the card-opening device 200 enters a second locking stage under the control of the central control unit 21A. In the second locking phase, the central control unit 21A (or the corresponding card-opening device 200) is only allowed to perform data transmission to the data storage device 100 at most a second predetermined number of times. In addition, the amount of data allowed to be transferred to the data storage device in the second locking stage may also be limited to not exceed a predetermined amount of data.

After the first verification data is transmitted to the data storage device 100, the central control unit 21A may receive a second control command from the processor 140. The second control command instructs the card-opening device 200 to transmit second verification data to the data storage device 100, wherein the second verification data may be provided by the processor 140 or generated by the card-opening device 200 (as will be described in more detail in different embodiments).

In response to the second control command, the central control unit 21A provides the second verification data to the corresponding control unit, for example, the UFS control unit 21B through the system bus line 222, and the UFS control unit 21B performs the corresponding data processing as described above and then transmits the second verification data to the data storage device 100 through the corresponding Interface_3.

After the second verification data is transmitted, the card-opening device 200 waits for the data storage device 100 to return the corresponding verification response data. After receiving the verification response data, the central control unit 21A executes a verification procedure of the data storage device 100 according to the verification response data. According to an embodiment of the present invention, after the transmission of the second verification data is performed, the card-opening device 200 enters a full-locking stage under the control of the central control unit 21A. In the full lock phase, the central control unit 21A is not allowed to transmit any data to the data storage device 100 before determining that the data storage device 100 passes the verification procedure.

After determining that the data storage device 100 passes the verification procedure, the card-opening device 200 enters an unlocking stage under the control of the central control unit 21A, and in the unlocking stage, the central control unit 21A receives a third control command and a device firmware of the data storage device 100 from the processor 140. In response to the third control command, the central control unit 21A provides the device firmware to the corresponding control unit, for example, the UFS control unit 21B through the system bus line 222, and the UFS control unit 21B performs the corresponding data processing as described above and then transmits the device firmware to the data storage device 100 through the corresponding Interface_3 to enable the data storage device 100.

FIG. 4 is a flowchart illustrating a method for verifying and enabling a data storage device using a card-opening device according to an embodiment of the invention. It should be noted that, in the embodiment of the present invention, the card-opening device may also be referred to as a host device, such as the host device 130 shown in FIG. 1. First, the card-opening device may transmit first verification data to the data storage device in response to a first control command received from an electronic device (step S402). Then, after the first verification data is transmitted to the data storage device, the card-opening device may transmit second verification data to the data storage device in response to a second control command received from the electronic device (step S404). Then, after the transmission of the second verification data is executed, the card-opening device is controlled to operate in a full-locking stage (step S406), and a verification procedure of the data storage device is executed (step S408). Next, the card-opening device determines whether the data storage device passes the verification procedure (step S410). If so, the card-opening device is controlled to operate in an unlocking stage, so that the card-opening device can transmit the device firmware to the data storage device in response to a third control command received from the electronic device to enable the data storage device (step S412). If not, the unlocking is not carried out, and the card-opening device continues to operate in the full-locking stage. In the full-locking stage, the card-opening device is not allowed to transmit any data to the data storage device until the data storage device is judged to pass the verification procedure, so the card-opening device cannot transmit the device firmware to the data storage device before that judgment is made. In other words, data storage devices that fail verification are not enabled.

According to the first embodiment of the present invention, the second verification data includes a key selected by the processor 140 (or the corresponding electronic device including the processor 140, the same applies hereinafter) and an encryption method. The central control unit 21A (or the corresponding card-opening device 200, the same applies hereinafter) receives the second verification data from the processor 140, and in the verification process, the central control unit 21A further calculates a first encrypted key using the key and the encryption method, and compares whether the first encrypted key is the same as a second encrypted key (i.e., the verification response data) received from the data storage device 100, and determines that the data storage device passes the verification process when the first encrypted key is the same as the second encrypted key.

FIG. 5 is a message flow diagram illustrating the authentication and enabling of a data storage device using a card-opening device according to a first embodiment of the invention. Fig. 5 shows the message flow between the electronic device (or the processor 140 included therein, the same also applies hereinafter), the card-opening device 200/the host device 130 (or the central control unit 21A included therein, the same applies hereinafter), and the data storage device 100 (or the memory controller 110 included therein, the same applies hereinafter).

According to an embodiment of the present invention, after the card-opening device 200 is powered, the card-opening device enters a first locking stage. Before being successfully unlocked, the card-opening device 200 is only allowed to perform the first predetermined number of data transmissions to the data storage device 100, and the amount of data that can be transmitted in each data transmission is also limited to not more than a predetermined amount of data.

According to an embodiment of the present invention, in the first locking phase, the card-opening device 200 is only allowed to perform at most two data transmissions to the data storage device 100, and the amount of data transmitted from the card-opening device 200 to the data storage device 100 in the first data transmission is limited to, for example, not more than 64 kB.

As shown in FIG. 5, after the card-opening device 200 is powered, the electronic device transmits the first control command and the first verification data to the card-opening device 200, wherein, in the embodiment of the present invention, the first verification data includes a program code Tiny_code for generating the encrypted data (e.g., the encrypted key). The card-opening device 200 transmits the first verification data including the program code Tiny_code to the data storage device 100 in response to the first control command.

After the first verification data is transmitted to the data storage device 100, the card-opening device 200 enters a second locking stage. According to an embodiment of the present invention, in the second locking phase, the card-opening device 200 is only allowed to perform a second predetermined number of data transmissions to the data storage device 100, and the amount of data that can be transmitted in each data transmission is also limited to not exceed a predetermined amount of data, wherein the second predetermined number may be less than the first predetermined number. For example, in the second locking phase, the card-opening device 200 is only allowed to perform at most one data transmission to the data storage device 100, and the amount of data transmitted to the data storage device 100 by the card-opening device 200 in this data transmission is limited to, for example, not more than 64 kB.

After receiving the first verification data including the program code Tiny_code, the data storage device 100 may respond with a transmission completion message to the card-opening device 200, and the card-opening device 200 may further respond with a transmission completion message to the electronic device. According to an embodiment of the present invention, the data storage device 100 may store the received first verification data in the buffer memory 116, so as to execute the program code Tiny_code. It is noted that, in the embodiment of the present invention, the data storage device 100 does not further store the program code Tiny_code into the memory device 120.

According to an embodiment of the present invention, the program code Tiny_code may comprise a predetermined number of encryption program codes and decryption program codes, and a predetermined amount of dummy data. That is, in the embodiment of the present invention, the real encryption/decryption code is embedded in the program code Tiny_code, and the program code Tiny_code is scrambled by the dummy data. By executing the firmware pre-stored in the ROM 112M, the memory controller 110 of the data storage device 100 can parse the program code Tiny_code, extract the actual encryption/decryption code, and store it in the buffer memory 116 for subsequent execution.

According to the first embodiment of the present invention, after receiving the transmission completion message, the electronic device may randomly select an encryption method and generate a key. The electronic device may transmit the key and the selected encryption method as second verification data to the card-opening device 200. In response to the corresponding control message sent by the electronic device, the card-opening device 200 further transmits the key and the information of the encryption method as second verification data to the data storage device 100.

After the second verification data is transmitted to the data storage device 100, the card-opening device 200 enters a third locking phase, which is a complete locking phase. In the fully locked phase, the card-opening device 200 is not allowed to transfer any data to the data storage device. That is, no further command and data transmission is allowed between the card opening device 200 and the data storage device 100.

After receiving the key and the encryption method information, the data storage device 100 may execute the program code Tiny_code to generate encrypted data according to the encryption method and the key. As described above, the memory controller 110 of the data storage device 100 can parse the program code Tiny_code according to the encryption method indicated by the electronic device, and extract the actual encryption/decryption program code required by the electronic device.

According to an embodiment of the present invention, the data storage device 100 may calculate the encrypted key as the encrypted data, and may transmit the encrypted data back to the card-opening device 200.

According to another embodiment of the present invention, the data storage device 100 may randomly generate a large amount of dummy data, calculate the encrypted key, embed the encrypted key into the dummy data according to the encryption method as the encrypted data, and transmit the encrypted data back to the card-opening device 200.

After receiving the encrypted data, the card-opening device 200 may compare the encrypted key it calculated itself with the encrypted key received from the data storage device 100 to determine whether the two are the same, so as to verify whether the data storage device is an authorized device. In some embodiments, in which the encrypted key is embedded in the dummy data as the encrypted data, the card-opening device 200 may first use the encryption method to find the location of the valid data (i.e., the encrypted key) embedded in the dummy data, so as to recover the encrypted key transmitted by the data storage device 100. After finding the encrypted key, the card-opening device 200 may compare the encrypted key calculated by itself with the encrypted key received from the data storage device 100 to determine whether the two are the same, so as to verify whether the data storage device is an authorized device (i.e., integrity of the device).

In an embodiment of the present invention, the card-opening device 200 may itself execute the program code Tiny_code to generate (calculate) the encrypted key from the key according to the encryption method. In another embodiment of the present invention, the card-opening device 200 may execute program codes stored in the memory device 230 to generate (calculate) the encrypted key by itself from the key according to the encryption method. If the encrypted key calculated by the card-opening device 200 does not match the encrypted key received from the data storage device 100, the card-opening device 200 continues to operate in the full-locking stage.

If the encrypted key calculated by the card-opening device 200 matches the encrypted key received from the data storage device 100, it represents that the data storage device 100 passes the authentication procedure. After the data storage device 100 passes the verification procedure, the card-opening device 200 operates in an unlocking stage. The card-opening device 200 may transmit an unlocking response message to the electronic device.

In response to the unlocking response message, the electronic device may confirm that the data storage device 100 has passed the authentication procedure, and thus start the card-opening procedure of the data storage device 100 by transmitting the device firmware required to enable the data storage device 100 to the card-opening device 200. The card-opening device 200 then transfers the device firmware to the data storage device 100. The device firmware may ultimately be loaded into the memory device 120 of the data storage device 100 via control of the memory controller 110. When the device firmware is successfully loaded, the card opening procedure is completed, and the data storage device 100 may transmit a card opening completion message to the card opening device 200.

When the card opening device 200 receives the card opening completion message, the card opening completion message is further transmitted to the electronic device. When the electronic device receives the card opening completion message, the electronic device may issue an instruction to close the card opening device 200 or close the related circuits in the card opening device 200 for communicating with the data storage device 100. Thereafter, when the card-opening device 200 or the related circuits are powered again, the card-opening device 200 will enter the first locking stage again to execute the verification and card-opening procedure for the next data storage device.
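The lock stages and the comparison step of the first embodiment can be modelled as a small transfer gate. The following C sketch is an added example, not code from the patent: the type and function names, the 64-byte bound on the response, the rule that a rejected transfer does not consume the budget, and the constant-time comparison are assumptions, and the encrypted key is passed in as bytes because the description does not fix an encryption method.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added illustration: all names below are hypothetical, not from the patent. */
typedef enum { STAGE_LOCK1, STAGE_LOCK2, STAGE_FULL_LOCK, STAGE_UNLOCKED } stage_t;
typedef enum { XFER_OK, XFER_DENIED_LOCKED, XFER_DENIED_SIZE } xfer_result_t;

#define MAX_LOCKED_XFER (64u * 1024u) /* "not more than 64 kB" per transfer */
#define MAX_RESPONSE    64u           /* assumed bound on the encrypted key */

typedef struct {
    stage_t stage;
    uint8_t expected[MAX_RESPONSE];   /* encrypted key computed by the opener */
    size_t  expected_len;
} opener_t;

/* Power-on always starts in the first locking stage with no expected value. */
void opener_power_on(opener_t *o)
{
    memset(o, 0, sizeof *o);
    o->stage = STAGE_LOCK1;
}

/* Gate one opener-to-device transfer of len bytes and advance the stage. */
xfer_result_t opener_send(opener_t *o, size_t len)
{
    switch (o->stage) {
    case STAGE_LOCK1:   /* two transfers left; this one carries Tiny_code */
    case STAGE_LOCK2:   /* one transfer left; key and encryption method */
        if (len == 0 || len > MAX_LOCKED_XFER)
            return XFER_DENIED_SIZE;  /* assumption: budget is not consumed */
        o->stage = (o->stage == STAGE_LOCK1) ? STAGE_LOCK2 : STAGE_FULL_LOCK;
        return XFER_OK;
    case STAGE_UNLOCKED:              /* device firmware may now be sent */
        return XFER_OK;
    case STAGE_FULL_LOCK:
    default:
        return XFER_DENIED_LOCKED;    /* nothing leaves until verification */
    }
}

/* Store the encrypted key the opener computed from the key and method. */
bool opener_set_expected(opener_t *o, const uint8_t *enc_key, size_t len)
{
    if (len == 0 || len > MAX_RESPONSE)
        return false;
    memcpy(o->expected, enc_key, len);
    o->expected_len = len;
    return true;
}

/* Compare the device's response; only a match leaves the full-lock stage. */
bool opener_verify(opener_t *o, const uint8_t *resp, size_t len)
{
    if (o->stage != STAGE_FULL_LOCK || o->expected_len == 0 ||
        len != o->expected_len)
        return false;
    uint8_t diff = 0;                 /* no early exit on the first mismatch */
    for (size_t i = 0; i < len; i++)
        diff |= (uint8_t)(resp[i] ^ o->expected[i]);
    if (diff != 0)
        return false;                 /* stay fully locked */
    o->stage = STAGE_UNLOCKED;
    memset(o->expected, 0, sizeof o->expected);
    o->expected_len = 0;
    return true;
}

int main(void)
{
    /* Constructed sample bytes standing in for an encrypted key. */
    const uint8_t good[4]   = {0xde, 0xad, 0xbe, 0xef};
    const uint8_t forged[4] = {0xde, 0xad, 0xbe, 0xee};
    opener_t o;

    opener_power_on(&o);
    opener_send(&o, 4096);            /* first verification data */
    opener_send(&o, 48);              /* second verification data */
    opener_set_expected(&o, good, sizeof good);
    printf("firmware while fully locked: %d\n", opener_send(&o, 1u << 20));
    printf("forged response accepted:    %d\n",
           opener_verify(&o, forged, sizeof forged));
    printf("genuine response accepted:   %d\n",
           opener_verify(&o, good, sizeof good));
    printf("firmware after unlock:       %d\n", opener_send(&o, 1u << 20));
    return 0;
}
```

In the second and third embodiments the same gate applies; only the compared value changes, from the encrypted key to the decrypted key returned by the data storage device.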

According to a second embodiment of the present invention, the second verification data comprises an encrypted key and a corresponding encryption/decryption method. The central control unit 21A receives an encryption method and a key selected by the processor 140 from the processor 140, calculates an encrypted key using the key according to the encryption method, and transmits the encrypted key and a corresponding encryption or decryption method as second verification data to the data storage device 100. The data storage device 100 decrypts the encrypted key according to the encryption or decryption method, and then transmits the decrypted key (i.e., the verification response data) back to the card-opening device 200. In the verification procedure, the central control unit 21A compares whether the key received from the processor 140 is the same as the decrypted key received from the data storage device 100, and determines that the data storage device passes the verification procedure when the two are the same.

FIG. 6 is a message flow diagram illustrating the authentication and enabling of a data storage device by a card-opening device according to a second embodiment of the invention. Fig. 6 shows the message flow between the electronic device (or the processor 140 included therein, the same also applies hereinafter), the card-opening device 200/the host device 130 (or the central control unit 21A included therein, the same applies hereinafter), and the data storage device 100 (or the memory controller 110 included therein, the same applies hereinafter).

Similar to the first embodiment, after the card-opening device 200 is powered, the card-opening device 200 enters a first locking stage. Before being successfully unlocked, the card-opening device 200 is only allowed to perform the first predetermined number of data transmissions to the data storage device 100, and the amount of data that can be transmitted in each data transmission is also limited to not more than a predetermined amount of data.

According to an embodiment of the present invention, in the first locking phase, the card-opening device 200 is only allowed to perform at most two data transmissions to the data storage device 100, and the amount of data transmitted from the card-opening device 200 to the data storage device 100 in the first data transmission is limited to, for example, not more than 64 kB.

As shown in FIG. 6, after the card-opening device 200 is powered, the electronic device transmits the first control command and the first verification data to the card-opening device 200, wherein, in the embodiment of the present invention, the first verification data includes a program code Tiny_code for generating the encrypted data (e.g., the encrypted key). The card-opening device 200 transmits the first verification data including the program code Tiny_code to the data storage device 100 in response to the first control command.

After the first verification data is transmitted to the data storage device 100, the card-opening device 200 enters a second locking stage. According to an embodiment of the present invention, in the second locking phase, the card-opening device 200 is only allowed to perform a second predetermined number of data transmissions to the data storage device 100, and the amount of data that can be transmitted in each data transmission is also limited to not exceed a predetermined amount of data, wherein the second predetermined number may be less than the first predetermined number. For example, in the second locking phase, the card-opening device 200 is only allowed to perform at most one data transmission to the data storage device 100, and the amount of data transmitted to the data storage device 100 by the card-opening device 200 in this data transmission is limited to, for example, not more than 64 kB.

After receiving the first verification data including the program code Tiny_code, the data storage device 100 may respond with a transmission completion message to the card-opening device 200, and the card-opening device 200 may further respond with a transmission completion message to the electronic device. According to an embodiment of the present invention, the data storage device 100 may store the received first verification data in the buffer memory 116, so as to execute the program code Tiny_code. It is noted that, in the embodiment of the present invention, the data storage device 100 does not further store the program code Tiny_code into the memory device 120.

According to a second embodiment of the present invention, after receiving the transmission completion message, the electronic device may randomly select an encryption method and generate a key. The electronic device can transmit the key and the information of the selected encryption method to the card-opening device 200. According to an embodiment of the present invention, the card-opening device 200 then executes the program code Tiny_code or the program stored in the memory device 230 to generate the encrypted key as the encrypted data according to the encryption method using the key. According to another embodiment of the present invention, the card-opening device 200 may randomly generate a large amount of dummy data, calculate an encrypted key, and embed the encrypted key in the dummy data as encrypted data according to an encryption method.

According to an embodiment of the present invention, the card-opening device 200 then transmits the encrypted data and the information of the encryption method to the data storage device 100.

In another embodiment of the present invention, the card-opening device 200 may transmit the encrypted data and the information of the decryption method to the data storage device 100. In this embodiment, the ROM 214 or the memory device 230 can store a lookup table recording the correspondence between the encryption codes and their encryption methods and the corresponding decryption codes and decryption methods. Therefore, in this embodiment, after receiving the information of the encryption method selected by the electronic device, the card-opening device 200 may consult the lookup table to determine which decryption method corresponds to the encryption method selected by the electronic device, and transmit the encrypted data and the information of the decryption method to the data storage device 100.

In an embodiment of the present invention, after receiving the encrypted data and the information of the encryption method, the data storage device 100 may execute the program code Tiny_code to locate the valid data (i.e., the encrypted key) embedded in the dummy data by using the encryption method, so as to recover the encrypted key transmitted by the card-opening device 200. After finding the encrypted key, the data storage device 100 further decrypts the key. More specifically, in this embodiment, a lookup table recording the correspondence between the encryption codes and their encryption methods and the corresponding decryption codes and decryption methods may be stored in the program code Tiny_code. After receiving the information of the encryption method selected by the electronic device, the data storage device 100 can consult the lookup table to determine which decryption method corresponds to the encryption method selected by the electronic device, and obtain the corresponding decryption program code. The data storage device 100 can further decrypt the key by executing the decryption code. After the decryption is completed, the data storage device 100 may transmit the decrypted key to the card-opening device 200.

In another embodiment where the card-opening device 200 transmits the encrypted data and the decryption method information to the data storage device 100, after receiving the encrypted data and the decryption method information, the data storage device 100 may execute the program code Tiny_code to locate the valid data (i.e., the encrypted key) embedded in the dummy data by using the corresponding encryption method, so as to recover the encrypted key transmitted by the card-opening device 200. After finding the encrypted key, the data storage device 100 further decrypts the key by executing the decryption code obtained according to the received information of the decryption method. After the decryption is completed, the data storage device 100 may transmit the decrypted key to the card-opening device 200.

After receiving the decrypted key, the card-opening device 200 may compare the decrypted key with the key received from the electronic device to determine whether the decrypted key is the same as the key received from the electronic device, so as to verify whether the data storage device is an authorized device (i.e., integrity).

If the decrypted key calculated by the data storage device 100 does not match the key received from the electronic device, the card-opening device 200 continues to operate in the full-lock phase.

If the decrypted key calculated by the data storage device 100 matches the key received from the electronic device, it represents that the data storage device 100 passes the verification procedure. After the data storage device 100 passes the verification procedure, the card-opening device 200 operates in an unlocking stage. The card-opening device 200 may transmit an unlocking response message to the electronic device.

In response to the unlocking response message, the electronic device may confirm that the data storage device 100 has passed the authentication procedure, and thus start the card-opening procedure of the data storage device 100 by transmitting the device firmware required to enable the data storage device 100 to the card-opening device 200. The card-opening device 200 then transfers the device firmware to the data storage device 100. The device firmware may ultimately be loaded into the memory device 120 of the data storage device 100 via control of the memory controller 110. When the device firmware is successfully loaded, the card opening procedure is completed, and the data storage device 100 may transmit a card opening completion message to the card opening device 200.

When the card opening device 200 receives the card opening completion message, the card opening completion message is further transmitted to the electronic device. When the electronic device receives the card opening completion message, the electronic device may issue an instruction to close the card opening device 200 or close the related circuits in the card opening device 200 for communicating with the data storage device 100. Thereafter, when the card-opening device 200 or the related circuits are powered again, the card-opening device 200 will enter the first locking stage again to execute the verification and card-opening procedure for the next data storage device.

According to a third embodiment of the present invention, the second verification data comprises an encrypted key and a corresponding encryption/decryption method. The central control unit 21A receives the key generated by the processor 140 from the processor 140, selects an encryption method, calculates an encrypted key using the key according to the encryption method, and transmits the encrypted key and a corresponding encryption or decryption method as second verification data to the data storage device 100. The data storage device 100 decrypts the encrypted key according to the encryption or decryption method, and then transmits the decrypted key (i.e., the verification response data) back to the card-opening device 200. In the verification procedure, the central control unit 21A compares whether the key received from the processor 140 is the same as the decrypted key received from the data storage device 100, and determines that the data storage device passes the verification procedure when the two are the same.

FIG. 7 is a message flow diagram illustrating the authentication and enabling of a data storage device by a card-opening device according to a third embodiment of the invention. Fig. 7 shows the message flow between the electronic device (or the processor 140 included therein, the same also applies hereinafter), the card-opening device 200/the host device 130 (or the central control unit 21A included therein, the same applies hereinafter), and the data storage device 100 (or the memory controller 110 included therein, the same applies hereinafter).

Similar to the first embodiment, after the card-opening device 200 is powered, the card-opening device 200 enters a first locking stage. Before being successfully unlocked, the card-opening device 200 is only allowed to perform the first predetermined number of data transmissions to the data storage device 100, and the amount of data that can be transmitted in each data transmission is also limited to not more than a predetermined amount of data.

According to an embodiment of the present invention, in the first locking phase, the card-opening device 200 is only allowed to perform at most two data transmissions to the data storage device 100, and the amount of data transmitted from the card-opening device 200 to the data storage device 100 in the first data transmission is limited to, for example, not more than 64 kB.

As shown in FIG. 7, after the card-opening device 200 is powered, the electronic device transmits the first control command and the first verification data to the card-opening device 200, wherein, in the embodiment of the present invention, the first verification data includes a program code Tiny_code for generating the encrypted data (e.g., the encrypted key). The card-opening device 200 then transmits the first verification data including the program code Tiny_code to the data storage device 100 in response to the first control command.

After the first verification data is transmitted to the data storage device 100, the card-opening device 200 enters a second locking stage. According to an embodiment of the present invention, in the second locking phase, the card-opening device 200 is only allowed to perform a second predetermined number of data transmissions to the data storage device 100, and the amount of data that can be transmitted in each data transmission is also limited to not exceed a predetermined amount of data, wherein the second predetermined number may be less than the first predetermined number. For example, in the second locking phase, the card-opening device 200 is only allowed to perform at most one data transmission to the data storage device 100, and the amount of data transmitted to the data storage device 100 by the card-opening device 200 in this data transmission is limited to, for example, not more than 64 kB.

After receiving the first verification data including the program code Tiny_code, the data storage device 100 may respond with a transmission completion message to the card-opening device 200, and the card-opening device 200 may further respond with a transmission completion message to the electronic device.

According to a third embodiment of the present invention, the electronic device generates a key after receiving the transmission completion message. The electronic device can transmit the key to the card-opening device 200. In the third embodiment of the present invention, the card-opening device 200 may randomly select an encryption method for encrypting the key, and may execute the program code Tiny_code or the program stored in the memory device 230 to generate the encrypted key using the key according to the encryption method. In an embodiment of the present invention, the card-opening device 200 may generate an encrypted key as the encrypted data, and transmit the encrypted data and the information of the encryption or decryption method to the data storage device 100. In another embodiment of the present invention, the card-opening device 200 may randomly generate a large amount of dummy data, generate an encrypted key, and embed the encrypted key in the dummy data as encrypted data according to an encryption method. The card-opening device 200 then transmits the encrypted data and the information of the encryption or decryption method to the data storage device 100.

After receiving the encrypted data and the information of the encryption or decryption method, the data storage device 100 may execute the program code Tiny_code to locate the valid data (i.e., the encrypted key) embedded in the dummy data by using the encryption or decryption method, and decrypt the key by executing the decryption code according to the received information of the encryption or decryption method. After the decryption is completed, the data storage device 100 may transmit the decrypted key to the card-opening device 200.

After receiving the decrypted key, the card-opening device 200 may compare the decrypted key with the key received from the electronic device to determine whether the decrypted key is the same as the key received from the electronic device, so as to verify whether the data storage device is an authorized device (i.e., integrity).

If the decrypted key calculated by the data storage device 100 does not match the key received from the electronic device, the card-opening device 200 continues to operate in the full-lock phase.

If the decrypted key calculated by the data storage device 100 matches the key received from the electronic device, it represents that the data storage device 100 passes the verification procedure. After the data storage device 100 passes the verification procedure, the card-opening device 200 operates in an unlocking stage. The card-opening device 200 may transmit an unlocking response message to the electronic device.

In response to the unlocking response message, the electronic device may confirm that the data storage device 100 has passed the authentication procedure, and thus start the card-opening procedure of the data storage device 100 by transmitting the device firmware required to enable the data storage device 100 to the card-opening device 200. The card-opening device 200 then transfers the device firmware to the data storage device 100. The device firmware may ultimately be loaded into the memory device 120 of the data storage device 100 via control of the memory controller 110. When the device firmware is successfully loaded, the card opening procedure is completed, and the data storage device 100 may transmit a card opening completion message to the card opening device 200.

When the card opening device 200 receives the card opening completion message, the card opening completion message is further transmitted to the electronic device. When the electronic device receives the card opening completion message, the electronic device may issue an instruction to close the card opening device 200 or close the related circuits in the card opening device 200 for communicating with the data storage device 100. Thereafter, when the card-opening device 200 or the related circuits are powered again, the card-opening device 200 will enter the first locking stage again to execute the verification and card-opening procedure for the next data storage device.

As described above, in the embodiments of the present invention, before executing the card-opening procedure of the data storage device, the card-opening device verifies whether the data storage device is authorized or allowed. Until it determines that the data storage device passes the verification, the card-opening device operates in the fully locked state, in which no data transmission from the card-opening device to the data storage device is permitted, so that the device firmware is protected from being easily loaded into an unauthorized or disallowed device. In other words, in the embodiment of the present invention, a data storage device that cannot pass the verification cannot be enabled through the card-opening device of the present invention. Compared with the prior art, the method and the card-opening device provided by the invention can more efficiently and safely start the data storage device.

Although the present invention has been described with reference to the preferred embodiments, it should be understood that various changes and modifications can be made therein by those skilled in the art without departing from the spirit and scope of the invention as defined by the appended claims.
