US20130297948A1 - System on chip, method of operating the same, and devices including the system on chip - Google Patents

Publication number
US20130297948A1
Authority
US
United States
Prior art keywords
data
soc
engine
encryption
memory
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US13/718,382
Inventor
Heon Soo LEE
Hong-Mook Choi
Sang-hyun Park
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Samsung Electronics Co Ltd
Original Assignee
Samsung Electronics Co Ltd
Application filed by Samsung Electronics Co Ltd
Assigned to SAMSUNG ELECTRONICS CO., LTD. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: CHOI, HONG-MOOK, LEE, HEON SOO, PARK, SANG-HYUN
Publication of US20130297948A1
Priority to US14/702,167 (patent US9489540B2)

Classifications

    • G06F21/72: Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
    • G06F13/14: Handling requests for interconnection or transfer
    • G06F12/1408: Protection against unauthorised use of memory or access to memory by using cryptography
    • G06F13/28: Handling requests for interconnection or transfer for access to input/output bus using burst mode transfer, e.g. direct memory access DMA, cycle steal
    • G06F13/38: Information transfer, e.g. on bus
    • G06F21/60: Protecting data
    • G06F21/602: Providing cryptographic facilities or services
    • G06F21/74: Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information operating in dual or compartmented mode, i.e. at least one secure mode
    • G06F21/85: Protecting input, output or interconnection devices interconnection devices, e.g. bus-connected or in-line devices
    • G06F3/0619: Improving the reliability of storage systems in relation to data integrity, e.g. data losses, bit errors
    • G06F3/0655: Vertical data movement, i.e. input-output transfer; data movement between one or more hosts and one or more storage devices
    • G06F3/0679: Non-volatile semiconductor memory device, e.g. flash memory, one time programmable memory [OTP]
    • H04L9/0822: Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • G06F2206/1014: One time programmable [OTP] memory, e.g. PROM, WORM
    • G06F2212/1052: Security improvement
    • H04L2209/12: Details relating to cryptographic hardware or logic circuitry

Definitions

  • Exemplary embodiments of the inventive concept relate to a system on chip (SoC), a method of operating the SoC, and devices including the SoC.
  • SoC system on chip
  • a main memory may receive programs that are to be executed by a central processing unit (CPU) and data required by the CPU, from a separate storage medium, for example, a non-volatile memory device.
  • the main memory may transmit data to the separate storage medium, for example, the non-volatile memory device, to store the data.
  • Data exchanged between the main memory and the non-volatile memory device may be encrypted to prevent unauthorized users from accessing the data.
  • Performance of a system including the main memory and the non-volatile memory device may vary based on the path used to exchange data between the main memory and the non-volatile memory device.
  • a method of operating a system on chip includes converting plain data into cipher data by an engine within the SoC using an encryption key; and transmitting, by the engine, the cipher data directly to a memory controller within the SoC that controls an operation of a non-volatile memory.
  • the plain data may be data read from a main memory via a bus under the control of a central processing unit (CPU).
  • CPU central processing unit
  • the method may include the SoC reading the plain data from the main memory.
  • the plain data may be data output from a direct memory access (DMA) unit.
  • DMA direct memory access
  • the method may include a DMA unit within the SoC outputting the plain data to the engine.
  • the encryption key may be output from a one-time programmable (OTP) memory.
  • OTP one-time programmable
  • the method may include an OTP within the SoC outputting the key to the engine.
  • the encryption key may be input only according to a secure program.
  • the method may include outputting the key to the engine only while a secure program is being executed (e.g., by a CPU within the SoC).
  • the plain data may be converted into the cipher data in units of blocks.
  • a method of operating a system on chip includes receiving, by an engine within the SoC, cipher data directly from a memory controller within the SoC which controls an operation of a non-volatile memory; and converting, by the engine, the cipher data into plain data by using an encryption key.
  • the method may further include transmitting the plain data to a direct memory access (DMA) unit.
  • the method may further include a DMA unit within the SoC transmitting the plain data to the engine.
  • the cipher data may be converted into the plain data in units of blocks.
  • a system on chip includes an encryption/decryption engine which encrypts first plain data into first cipher data or decrypts second cipher data into second plain data, by using an encryption key; and a memory controller which is directly connected to the encryption/decryption engine and transmits the first cipher data to a non-volatile memory or receives the second cipher data from the non-volatile memory.
  • the SoC may further include a one-time programmable (OTP) memory which stores the encryption key.
  • the SoC may further include a direct memory access (DMA) unit which transmits the first plain data, which is received from a data source, to the encryption/decryption engine or transmits the second plain data, which is received from the encryption/decryption engine, to the data source.
  • the DMA unit may receive the first plain data from a device outside the SOC and transmit the first plain data to the engine or transmit the second plain data received from the engine to the device.
  • the DMA unit may be directly connected to the encryption/decryption engine.
  • the SoC may further include a CPU which controls transmission of the first plain data or the second plain data between a data source and the encryption/decryption engine.
  • the data source may be a device located outside the SoC.
  • a system-in package includes the SoC and a data source which communicates data with a non-volatile memory under the control of the SoC.
  • the data source may be a device outside the SoC.
  • a system-in package includes the SoC, a non-volatile memory, and a data source which communicates data with the non-volatile memory under the control of the SoC.
  • a system on chip includes a memory controller configured to control a non-volatile memory, and an encryption/decryption engine directly connected to the memory controller and configured to encrypt or decrypt data.
  • the SoC controls transmission of data between a data source (e.g., a device outside the SoC) and the non-volatile memory.
  • the memory controller and the engine correspond to a first data path for transmitting data.
  • an electronic device includes a data source; a non-volatile memory; and a system on chip (SoC) which controls transmission of data between the data source and the non-volatile memory.
  • SoC may include a memory controller which controls the non-volatile memory; and an encryption/decryption engine which is directly connected to the memory controller and encrypts or decrypts the data.
  • the encryption/decryption engine may encrypt or decrypt the data by using an encryption key that is stored in a one-time programmable (OTP) memory.
  • a system on chip includes a data bus, a main memory controller configured to output plain data to the bus, an engine configured to encrypt the plain data from the bus into cipher data using a key, a NVM controller, a first electrical path connecting the bus to the NVM controller to bypass the encryption engine, and a second electrical path connecting the bus to the NVM controller through the encryption engine.
  • the SoC activates only the first electrical path (e.g., deactivates the second electrical path) in a non-secure mode for sending the plain data from the bus to the NVM controller.
  • the SoC activates only the second electrical path (e.g., deactivates the first electrical path) in a secure mode for sending the plain data to the engine and the cipher data from the engine to the NVM controller.
  • the first electrical path may include a path of the plain text through a multiplexer and a demultiplexer to the NVM controller.
  • the second electrical path may include a path of the plain data through the multiplexer to the engine and a path of the cipher data through the demultiplexer to the NVM controller.
  • the SoC may further include an OTP configured to provide a same selection signal to the multiplexer and the demultiplexer for activating one of the first and second electrical paths.
  • the engine may be configured to decrypt cipher data received from the NVM controller across the second electrical path.
  • FIG. 1 is a block diagram of a system including a system on chip (SoC) according to an exemplary embodiment of the inventive concept;
  • FIG. 2 is a block diagram of the SoC illustrated in FIG. 1 according to an exemplary embodiment of the inventive concept;
  • FIG. 3 is a conceptual diagram for describing a secure mode in which an encryption key can be input to an encryption/decryption engine illustrated in FIG. 2;
  • FIG. 4 is a block diagram of the SoC illustrated in FIG. 1 according to an exemplary embodiment of the inventive concept;
  • FIG. 5 is a block diagram of the SoC illustrated in FIG. 1 according to an exemplary embodiment of the inventive concept;
  • FIG. 6 is a block diagram of the SoC illustrated in FIG. 1 according to an exemplary embodiment of the inventive concept;
  • FIG. 7 is a block diagram of the SoC illustrated in FIG. 1 according to an exemplary embodiment of the inventive concept;
  • FIG. 8 is a block diagram of a selection circuit and an encryption/decryption engine illustrated in FIG. 7 according to an exemplary embodiment of the inventive concept;
  • FIG. 9 is a block diagram of the SoC illustrated in FIG. 1 according to an exemplary embodiment of the inventive concept;
  • FIG. 10 is a flowchart of a method of operating an SoC, according to an exemplary embodiment of the inventive concept;
  • FIG. 11 is a flowchart of a method of operating an SoC, according to an exemplary embodiment of the inventive concept;
  • FIG. 12 is a flowchart of a method of operating an SoC, according to an exemplary embodiment of the inventive concept;
  • FIG. 13 is a flowchart of a method of operating an SoC, according to an exemplary embodiment of the inventive concept;
  • FIG. 14 is a block diagram of a data processing device including the system of FIG. 1 , according to an exemplary embodiment of the inventive concept;
  • FIG. 15 is a block diagram of a data processing device including the system of FIG. 1 , according to an exemplary embodiment of the inventive concept;
  • FIG. 16 is a block diagram of a data processing device including the system of FIG. 1 , according to an exemplary embodiment of the inventive concept;
  • FIG. 17 is a block diagram of a system-in package including the SoC illustrated in FIG. 1 , according to an exemplary embodiment of the inventive concept, and a non-volatile memory device illustrated in FIG. 1 ;
  • FIG. 18 is a block diagram of a system-in package including the SoC illustrated in FIG. 1 , according to an exemplary embodiment of the inventive concept.
  • the data is either transmitted from the one device directly (e.g., “directly transmitted”) or indirectly (e.g., “indirectly transmitted”) to the other device.
  • when the one device directly transmits the data, the data is transmitted from the one device to the other device without passing through another device except a wire.
  • the data is transmitted from the one device to the other device through a multiplexer or a demultiplexer without using additional devices.
  • these devices may be directly connected to one another (e.g., “connected directly”) or indirectly connected (e.g., “connected indirectly”) to one another.
  • no devices are present between the two devices except a wire.
  • no devices are present between the two devices other than a multiplexer or a demultiplexer.
  • the apparatuses and methods described herein may be implemented in various forms of hardware, software, firmware, special purpose processors, or a combination thereof.
  • a portion of the present inventive concept may be implemented as an application comprising program instructions that are tangibly embodied on one or more program storage devices or computer readable media (e.g., hard disk, magnetic floppy disk, RAM, ROM, CD ROM, etc.) and executable by any device or machine comprising suitable architecture, such as a general purpose digital computer having a processor, memory, and input/output interfaces.
  • FIG. 1 is a block diagram of a system 10 including a system on chip (SoC) 100 according to an exemplary embodiment of the present inventive concept.
  • the system 10 includes the SoC 100 , a non-volatile memory device 200 , and a main memory 300 .
  • the system 10 may be implemented by using a personal computer (PC), a data server, or a portable device.
  • the portable device may be implemented by using a laptop computer, a mobile phone, a smart phone, a tablet PC, a personal digital assistant (PDA), an enterprise digital assistant (EDA), a digital still camera, a digital video camera, a portable multimedia player (PMP), a personal (or portable) navigation device (PND), a handheld game console, or an e-book.
  • PC personal computer
  • PDA personal digital assistant
  • EDA enterprise digital assistant
  • PMP portable multimedia player
  • PND personal (or portable) navigation device
  • the SoC 100 may control data transmission and reception between the non-volatile memory device 200 and the main memory 300 .
  • a structure and an operation of the SoC 100 will be described in detail later with reference to FIGS. 2 and 4 to 9 .
  • the non-volatile memory device 200 may store a variety of programs and data.
  • the non-volatile memory device 200 may be implemented by using an electrically erasable programmable read-only memory (EEPROM), a flash memory, a magnetic random access memory (MRAM), a spin-transfer torque MRAM, a conductive bridging RAM (CBRAM), a ferroelectric RAM (FeRAM), a phase change RAM (PRAM), a resistive RAM (RRAM), a nanotube RRAM, a polymer RAM (PoRAM), a nano floating gate memory (NFGM), a holographic memory, a molecular electronics memory device, an insulator resistance change memory, or the like.
  • EEPROM electrically erasable programmable read-only memory
  • MRAM magnetic random access memory
  • CBRAM conductive bridging RAM
  • FeRAM ferroelectric RAM
  • PRAM phase change RAM
  • RRAM resistive RAM
  • NFGM nano floating gate memory
  • the main memory 300 may receive programs which are to be executed in the SoC 100 and data required by the SoC 100 , from the non-volatile memory device 200 via the SoC 100 .
  • the main memory 300 may transmit data that is to be stored, to the non-volatile memory device 200 via the SoC 100 .
  • the main memory 300 may be implemented by using a RAM, for example, a dynamic RAM (DRAM) or a static RAM (SRAM), which is a volatile memory.
  • DRAM dynamic RAM
  • SRAM static RAM
  • the main memory 300 is not limited to a RAM, DRAM, or SRAM, as different types of memories may be used.
  • FIG. 2 is a block diagram of an SoC 100 A, which is an embodiment of the SoC 100 of FIG. 1 .
  • the SoC 100 A includes a bus 110 , a central processing unit (CPU) 120 , a memory controller 130 , a non-volatile memory controller 140 , and an encryption/decryption engine 150 .
  • the CPU 120 may be connected to the bus 110 and may control the entire operation of the SoC 100 A.
  • the memory controller 130 may control an operation of the main memory 300 , for example, a read or write operation.
  • the memory controller 130 may be connected to the bus 110 .
  • the non-volatile memory controller 140 may control a data access operation of the non-volatile memory device 200 , for example, a write operation, a read operation, a program operation, or an erase operation.
  • the encryption/decryption engine 150 may convert, namely, encrypt, plain data received from the main memory 300 via the memory controller 130 and the bus 110 , into cipher data (e.g., encrypted data).
  • the encryption/decryption engine 150 may transmit the cipher data directly, for example, on-the-fly, to the non-volatile memory controller 140 without passing through the bus 110 .
  • the encryption/decryption engine 150 receives cipher data directly, for example, on-the-fly, from the non-volatile memory controller 140 without passing through the bus 110 .
  • the encryption/decryption engine 150 may convert, for example, decrypt, the cipher data into plain data (e.g., un-encrypted data).
  • An encryption key may be used in encryption or decryption of the encryption/decryption engine 150 .
  • the encryption/decryption engine 150 includes a storage medium (not shown) which stores the encryption key.
  • the storage medium could be a register, a latch, flash memory, etc.
  • the encryption key is input to the storage medium only in a secure mode. The secure mode will be described later with reference to FIG. 3 .
  • the encryption/decryption engine 150 may encrypt or decrypt data in units of blocks of a predetermined size, for example, 64 bits, 128 bits, or 256 bits.
  • an encryption key and an algorithm which are used in encryption or decryption may be applied to each block.
  • the algorithm may be a data encryption standard (DES) algorithm or an advanced encryption standard (AES) algorithm.
  • DES data encryption standard
  • AES advanced encryption standard
  • the algorithm is not limited thereto, as other encryption or decryption algorithms may be used.
  • the secure mode may determine the method used by the encryption engine 150 to convert data, for example, encrypt or decrypt data in units of blocks.
  • Examples of the secure mode include an electronic code book (ECB) mode, a cipher block chaining (CBC) mode, a propagating cipher block chaining (PCBC) mode, or a cipher feed back (CFB) mode.
  • ECB electronic code book
  • CBC cipher block chaining
  • PCBC propagating cipher block chaining
  • CFB cipher feed back
  • in the ECB mode, each block is encrypted independently.
  • in the CBC mode, each block of plaintext (e.g., un-encrypted data) is XORed with the previous ciphertext block (e.g., encrypted data) before being encrypted.
  • PCBC is a variation on CBC and is designed to extend or propagate a single bit error in the ciphertext to allow errors in transmission to be captured and the resultant plaintext to be rejected.
  • in the CFB mode, data may be encrypted in units smaller than the block size.
  • the secure mode is not limited to being set to one of the modes described above.
  • the plain data is transmitted to the encryption/decryption engine 150 under the control of the CPU 120 .
  • the encryption/decryption engine 150 may convert the plain data into cipher data by using an encryption key.
  • the cipher data may be transmitted to the non-volatile memory device 200 via the non-volatile memory controller 140 .
  • cipher data output from the non-volatile memory device 200 is transmitted to the encryption/decryption engine 150 via the non-volatile memory controller 140 .
  • the encryption/decryption engine 150 may convert the cipher data into plain data by using a decryption key.
  • the decryption key may or may not be the same as an encryption key.
  • the plain data may be transmitted to the CPU 120 via the bus 110 and then transmitted from the CPU 120 to the main memory 300 via the bus 110 and the memory controller 130 . In other words, the plain data may be transmitted to the main memory 300 via the bus 110 and the memory controller 130 under the control of the CPU 120 .
  • FIG. 3 is a conceptual diagram for describing a secure mode in which an encryption key or a decryption key can be input to the encryption/decryption engine 150 illustrated in FIG. 2 .
  • a general operating system may manage hardware and may be installed in the hardware to execute an application program.
  • a secure OS may also be installed in the hardware to execute a secure application program that requires security, independently from a general operating system (OS).
  • the secure OS may be implemented by using a real time operating system (RTOS).
  • RTOS real time operating system
  • the RTOS may be used to execute an application program, which needs to be completed within a predetermined period of time, for example, a secure application program.
  • the secure OS may be a trusted operating system that provides sufficient support for multilevel security and evidence of correctness to meet a particular set of government requirements.
  • a non-secure mode may denote an example where the application program is executed by the general OS.
  • a secure mode may denote an example where the secure application program is executed by the secure OS.
  • the CPU 120 inputs an encryption key or a decryption key to the encryption/decryption engine 150 .
  • the encryption/decryption engine 150 has access to an encryption key or a decryption key stored within itself or outside the encryption/decryption engine 150 .
  • an encryption key or a decryption key may be changed or re-set. For example, when the key is changed, the next encryption/decryption that occurs uses the updated key.
  • FIG. 4 is a block diagram of an SoC 100 B which is an exemplary embodiment of the SoC 100 of FIG. 1 .
  • the SoC 100 B includes a bus 110 , a CPU 120 , a memory controller 130 , a non-volatile memory controller 140 , an encryption/decryption engine 150 , and a one-time programmable (OTP) memory 160 .
  • the OTP memory 160 stores an encryption key or decryption key that is used in encryption or decryption by the encryption/decryption engine 150 .
  • the OTP memory 160 is implemented by using a fuse, an anti-fuse, or an e-fuse.
  • an anti-fuse is an electrical device that performs the opposite function to a fuse. For example, whereas a fuse starts with a low resistance and is designed to permanently break an electrically conductive path (e.g., when the current through the path exceeds a specified limit), an anti-fuse starts with a high resistance and is designed to permanently create an electrically conductive path (e.g., when the voltage across the anti-fuse exceeds a certain level).
  • an e-fuse allows for dynamic real-time reprogramming of computer chips.
  • the CPU 120 may be implemented so that it is prevented from accessing an encryption key or a decryption key stored in the OTP memory 160 , even when a secure application program is executed in a secure mode.
  • the CPU 120 may be implemented so that it is prevented from reading, writing, or erasing the stored key.
  • a write data path WP and a read data path RP of the SoC 100 B of FIG. 4 are substantially the same as those of the SoC 100 A of FIG. 2 , respectively, except that an encryption key or a decryption key that may be used in encryption or decryption of data is provided by the OTP memory 160 to the encryption/decryption engine 150 .
  • FIG. 5 is a block diagram of an SoC 100 C which is an exemplary embodiment of the SoC 100 illustrated in FIG. 1 .
  • the SoC 100 C includes a bus 110 , a CPU 120 , a memory controller 130 , a non-volatile memory controller 140 , an encryption/decryption engine 150 , an OTP memory 160 , and a direct memory access (DMA) unit 170 .
  • the DMA unit 170 may access the main memory 300 or the non-volatile memory device 200 via a component (e.g., the memory controller 130 , the non-volatile memory controller 140 , or the encryption/decryption engine 150 ) without passing data through the CPU 120 .
  • the DMA unit 170 may be connected to the bus 110 .
  • plain data output from the main memory 300 is transmitted to the DMA unit 170 via the memory controller 130 and the bus 110 .
  • the plain data is transmitted from the DMA unit 170 to the encryption/decryption engine 150 via the bus 110 .
  • the encryption/decryption engine 150 converts the plain data into cipher data.
  • the cipher data output from the encryption/decryption engine 150 may be transmitted directly to the non-volatile memory controller 140 and then to the non-volatile memory device 200 .
  • the encryption/decryption engine 150 may transmit the cipher data directly, for example, on-the-fly, to the non-volatile memory controller 140 .
  • cipher data output from the non-volatile memory device 200 is transmitted to the encryption/decryption engine 150 via the non-volatile memory controller 140 .
  • the encryption/decryption engine 150 may receive cipher data directly, for example, on-the-fly, from the non-volatile memory controller 140 .
  • the encryption/decryption engine 150 converts the cipher data into plain data.
  • the plain data is transmitted to the DMA unit 170 via the bus 110 .
  • the plain data may be transmitted from the DMA unit 170 to the main memory 300 via the bus 110 and the memory controller 130 .
  • FIG. 6 is a block diagram of an SoC 100 D which is an exemplary embodiment of the SoC 100 illustrated in FIG. 1 .
  • the SoC 100 D includes a bus 110 , a CPU 120 , a memory controller 130 , a non-volatile memory controller 140 , an encryption/decryption engine 150 , an OTP memory 160 , and a DMA unit 170 .
  • the DMA unit 170 may be connected between the bus 110 and the encryption/decryption engine 150 . Data may be transmitted on-the-fly between the DMA unit 170 and the encryption/decryption engine 150 .
  • plain data output from the main memory 300 is transmitted to the encryption/decryption engine 150 via the memory controller 130 , the bus 110 , and the DMA unit 170 .
  • the encryption/decryption engine 150 may convert, for example, encrypt, the plain data into cipher data.
  • the cipher data may be transmitted to the non-volatile memory device 200 via the non-volatile memory controller 140 .
  • the encryption/decryption engine 150 may transmit the cipher data directly, for example, on-the-fly, to the non-volatile memory controller 140 .
  • cipher data output from the non-volatile memory device 200 is transmitted to the encryption/decryption engine 150 via the non-volatile memory controller 140 .
  • the encryption/decryption engine 150 may receive the cipher data directly, for example, on-the-fly, from the non-volatile memory controller 140 .
  • the encryption/decryption engine 150 may convert, for example, decrypt, the cipher data into plain data.
  • the plain data may be transmitted to the main memory 300 via the DMA unit 170 , the bus 110 , and the memory controller 130 .
  • FIG. 7 is a block diagram of an SoC 100 E which is an exemplary embodiment of the SoC 100 illustrated in FIG. 1 .
  • the SoC 100 E includes a bus 110 , a CPU 120 , a memory controller 130 , a non-volatile memory controller 140 , an encryption/decryption engine 150 , an OTP memory 160 , a DMA unit 170 , a register 180 , and a selection circuit 190 .
  • the register 180 may be connected to the bus 110 .
  • the register 180 may operate as a selection signal generator that generates a selection signal SEL.
  • the register 180 may change the selection signal SEL based on whether the CPU 120 executes a secure application program, that is, based on an indication signal that indicates a secure mode.
  • the indication signal may be output by the CPU 120 .
  • the indication signal may be a logic high in a secure mode, and the indication signal may be a logic low in a non-secure mode.
  • the selection circuit 190 may select a data path according to the selection signal SEL output by the register 180 .
  • An exemplary structure and an operation of the selection circuit 190 will now be described with reference to FIG. 8 .
  • FIG. 8 is a block diagram of the selection circuit 190 and the encryption/decryption engine 150 illustrated in FIG. 7 according to an exemplary embodiment of the inventive concept.
  • the selection circuit 190 includes a first selector 192 and a second selector 194 .
  • the first selector 192 may be implemented by using a demultiplexer, and the second selector 194 may be implemented by using a multiplexer.
  • the selection circuit 190 selects a data path including the encryption/decryption engine 150 .
  • when the selection signal SEL is a logic low, the selection circuit 190 selects a data path excluding the encryption/decryption engine 150 , that is, a bypass path.
  • FIG. 9 is a block diagram of an SoC 100 F which is an exemplary embodiment of the SoC 100 illustrated in FIG. 1 .
  • the SoC 100 F includes a bus 110 , a CPU 120 , a memory controller 130 , a non-volatile memory controller 140 , an encryption/decryption engine 150 , an OTP memory 160 , a DMA unit 170 , a second OTP memory 182 , and a selection circuit 190 .
  • the second OTP memory 182 operates as a selection signal generator that generates a selection signal SEL.
  • the OTP memory 182 is programmed to generate a selection signal SEL having one logic level, for example, a logic high level.
  • the selection circuit 190 selects only the data path including the encryption/decryption engine 150 .
  • FIG. 10 is a flowchart of a method of operating an SoC, according to an exemplary embodiment of the present inventive concept.
  • the encryption/decryption engine 150 converts, for example, encrypts, plain data into cipher data by using an encryption key (S 10 ).
  • the encryption/decryption engine 150 may transmit the cipher data directly, for example, on-the-fly, to the non-volatile memory controller 140 (S 12 ). Since the encryption key is present within the SoC 100 and is not output outside the SoC 100 , a probe of communications between the SoC and the other memory devices (e.g., 200 and 300 ) will not discover the key.
  • FIG. 11 is a flowchart of a method of operating an SoC, according to an exemplary embodiment of the present inventive concept.
  • the encryption/decryption engine 150 receives plain data from the DMA unit 170 (S 20 ).
  • the encryption/decryption engine 150 receives the plain data directly, for example, on-the-fly, from the DMA unit 170 .
  • the engine 150 encrypts the plain data into cipher data (S 10 ) and transmits the cipher data directly to the non-volatile memory controller (S 12 ).
  • FIG. 12 is a flowchart of a method of operating an SoC, according to an exemplary embodiment of the present inventive concept.
  • the encryption/decryption engine 150 receives cipher data directly, for example, on-the-fly, from the non-volatile memory controller 140 (S 30 ).
  • the encryption/decryption engine 150 decrypts the cipher data into plain data (S 32 ).
  • FIG. 13 is a flowchart of a method of operating an SoC, according to an exemplary embodiment of the present inventive concept. Similar to FIG. 12 , the engine 150 receives cipher data directly from the non-volatile memory controller (S 30 ) and decrypts the cipher data into plain data (S 32 ). Referring to FIGS. 5 to 7 , 9 , and 13 , the encryption/decryption engine 150 transmits the plain data to the DMA unit 170 (S 34 ). In an exemplary embodiment, the encryption/decryption engine 150 transmits plain data directly, for example, on-the-fly, to the DMA unit 170 .
  • FIG. 14 is a block diagram of a data processing device 400 including the system 10 of FIG. 1 , according to an exemplary embodiment of the present inventive concept.
  • the data processing device 400 may be implemented by using a personal computer (PC) or a data server.
  • the data processing device 400 includes a processor 100 , a storage device 200 , a memory 300 , a power source 410 , input/output (I/O) ports 420 , an expansion card 430 , a network device 440 , and a display 450 .
  • the data processing device 400 may further include a camera module 460 . In an exemplary embodiment, one or more of the elements of the processing device 400 may be omitted.
  • the processor 100 may correspond to the SoC 100 of FIG. 1 .
  • the processor 100 may be a multi-core processor.
  • the processor 100 includes the SoC 100 of FIG. 1 .
  • the processor 100 may control the operation of at least one of the elements 200 , 300 , and 410 - 460 .
  • the storage device 200 may correspond to the non-volatile memory device 200 of FIG. 1 .
  • the storage device 200 may be implemented by using a hard disk drive or a solid state drive (SSD).
  • the memory 300 may correspond to the main memory 300 of FIG. 1 .
  • the memory 300 may be implemented by using a volatile memory or a non-volatile memory.
  • the memory controller 140 of FIG. 2 is capable of controlling a data access operation, for example, a read operation, a write operation (or a program operation), or an erase operation, with respect to the memory 300 .
  • the memory 300 may be integrated into or embedded in the processor 100 .
  • the power source 410 may supply an operational voltage to at least one of the elements 100 , 200 , 300 , and 420 - 460 .
  • the I/O ports 420 may be capable of transmitting data to the storage device 200 or transmitting data output from the storage device 200 to an external device.
  • the I/O ports 420 may be a port for connecting a pointing device, such as a computer mouse, to the data processing device 400 , a port for connecting a printer to the data processing device 400 , or a port for connecting a universal serial bus (USB) drive to the data processing device 400 .
  • the expansion card 430 may be implemented by using a secure digital (SD) card or a multimedia card (MMC).
  • the expansion card 430 is a Subscriber Identification Module (SIM) card or a Universal Subscriber Identity Module (USIM) card.
  • the network device 440 may correspond to a device capable of connecting the storage device 200 to a wired or wireless network.
  • the display 450 may display data output from the storage device 200 , the memory 300 , the I/O ports 420 , the expansion card 430 , or the network device 440 .
  • the camera module 460 may be capable of converting an optical image into an electrical image. Accordingly, an electrical image output from the camera module 460 may be stored in the storage device 200 , the memory 300 , or the expansion card 430 . The electrical image output from the camera module 460 may be displayed on the display 450 .
  • FIG. 15 is a block diagram of a data processing device 500 including the system 10 of FIG. 1 , according to an exemplary embodiment of the present inventive concept.
  • the data processing device 500 may be implemented by using a laptop computer.
  • the data processing device 500 of FIG. 15 includes a processor 100 , a storage device 200 , a memory 300 , a power source 510 , input/output (I/O) ports 520 , an expansion card 530 , a network device 540 , and a display 550 .
  • the data processing device 500 may further include a camera module 560 . In an exemplary embodiment, one or more of the elements of the processing device 500 may be omitted.
  • FIG. 16 is a block diagram of a data processing device 600 including the system 10 of FIG. 1 , according to an exemplary embodiment of the present inventive concept.
  • the data processing device 600 may be implemented by using a portable device.
  • the portable device may be implemented by using a mobile phone, a smart phone, a tablet PC, a personal digital assistant (PDA), an enterprise digital assistant (EDA), a digital still camera, a digital video camera, a portable multimedia player (PMP), a personal (or portable) navigation device (PND), a handheld game console, or an e-book.
  • the data processing device 600 of FIG. 16 includes a processor 100 , a storage device 200 , a memory 300 , a power source 610 , input/output (I/O) ports 620 , an expansion card 630 , a network device 640 , and a display 650 .
  • the data processing device 600 may further include a camera module 660 . In an exemplary embodiment, one or more of the elements of the processing device 600 may be omitted.
  • FIG. 17 is a block diagram of a system-in package (SiP) 700 including the SoC 100 of FIG. 1 , according to an exemplary embodiment of the present inventive concept, and the non-volatile memory device 200 of FIG. 1 .
  • FIG. 18 is a block diagram of a SiP 700 ′ including the SoC 100 of FIG. 1 , according to an embodiment of the present inventive concept.
  • a SiP may be referred to as a Chip Stack MCM (multi chip module).
  • a SiP may include a number of integrated circuits enclosed in a single module or package.
  • the SoC 100 and the main memory 300 are packaged into the SiP 700 .
  • the non-volatile memory 200 is located outside the SiP 700 and may be connected to a pin of the SiP 700 .
  • the SoC 100 , the non-volatile memory device 200 , and the main memory 300 are all packaged into the SiP 700 ′.
  • An SoC according to an exemplary embodiment of the present inventive concept encrypts data within the SoC, and thus a probe of communications between the SoC and other devices may be prevented from accessing un-encrypted data. Further, the SoC according to an exemplary embodiment stores an encryption key for encryption within itself without outputting the key outside itself, and thus the encryption key is prevented from being exposed.
  • the SoC includes a directly connected encryption/decryption engine and a memory controller, thereby yielding a shortened data transmission path within the SoC. Therefore, the SoC may have improved performance.

Abstract

A method of operating a system on chip (SoC) includes converting plain data into cipher data by using an encryption key and transmitting the cipher data directly to a memory controller which controls an operation of a non-volatile memory. The encryption key may be output by a one-time programmable (OTP) memory.

Description

    CROSS-REFERENCE TO RELATED APPLICATIONS
  • This application claims priority to Korean Patent Application No. 10-2012-0047743, filed on May 4, 2012, in the Korean Intellectual Property Office, the disclosure of which is incorporated by reference in its entirety herein.
  • BACKGROUND
  • 1. Technical Field
  • Exemplary embodiments of the inventive concept relate to a system on chip (SoC), a method of operating the SoC, and devices including the SoC.
  • 2. Discussion of Related Art
  • A main memory may receive programs that are to be executed by a central processing unit (CPU) and data required by the CPU, from a separate storage medium, for example, a non-volatile memory device. The main memory may transmit data to the separate storage medium, for example, the non-volatile memory device, to store the data.
  • Data exchanged between the main memory and the non-volatile memory device may be encrypted to prevent unauthorized users from accessing the data. Performance of a system including the main memory and the non-volatile memory device may vary based on the path used to exchange data between the main memory and the non-volatile memory device.
  • SUMMARY
  • According to an exemplary embodiment of the present inventive concept, a method of operating a system on chip (SoC) includes converting plain data into cipher data by an engine within the SoC using an encryption key; and transmitting, by the engine, the cipher data directly to a memory controller within the SoC that controls an operation of a non-volatile memory. According to an exemplary embodiment, the plain data may be data read from a main memory via a bus under the control of a central processing unit (CPU). For example, prior to the converting, the method may include the SoC reading the plain data from the main memory. According to an exemplary embodiment, the plain data may be data output from a direct memory access (DMA) unit. For example, prior to the converting, the method may include a DMA unit within the SoC outputting the plain data to the engine.
  • The encryption key may be output from a one-time programmable (OTP) memory. For example, prior to the converting, the method may include an OTP within the SoC outputting the key to the engine. The encryption key may be input only according to a secure program. For example, prior to the converting, the method may include outputting the key to the engine only while a secure program is being executed (e.g., by a CPU within the SoC).
  • In the converting, the plain data may be converted into the cipher data in units of blocks.
  • According to an exemplary embodiment of the present inventive concept, a method of operating a system on chip (SoC) includes receiving, by an engine within the SoC, cipher data directly from a memory controller within the SoC which controls an operation of a non-volatile memory; and converting, by the engine, the cipher data into plain data by using an encryption key.
  • The method may further include transmitting the plain data to a direct memory access (DMA) unit. For example, prior to the converting, the method may further include a DMA unit within the SoC transmitting the plain data to the engine. In the converting, the cipher data may be converted into the plain data in units of blocks.
  • According to an exemplary embodiment of the present inventive concept, a system on chip (SoC) includes an encryption/decryption engine which encrypts first plain data into first cipher data or decrypts second cipher data into second plain data, by using an encryption key; and a memory controller which is directly connected to the encryption/decryption engine and transmits the first cipher data to a non-volatile memory or receives the second cipher data from the non-volatile memory.
  • The SoC may further include a one-time programmable (OTP) memory which stores the encryption key. The SoC may further include a direct memory access (DMA) unit which transmits the first plain data, which is received from a data source, to the encryption/decryption engine or transmits the second plain data, which is received from the encryption/decryption engine, to the data source. For example, the DMA unit may receive the first plain data from a device outside the SOC and transmit the first plain data to the engine or transmit the second plain data received from the engine to the device.
  • The DMA unit may be directly connected to the encryption/decryption engine. The SoC may further include a CPU which controls transmission of the first plain data or the second plain data between a data source and the encryption/decryption engine. For example, the data source may be a device located outside the SoC.
  • According to an exemplary embodiment of the present inventive concept, a system-in package includes the SoC and a data source which communicates data with a non-volatile memory under the control of the SoC. The data source may be a device outside the SoC. According to an exemplary embodiment of the present inventive concept, a system-in package includes the SoC, a non-volatile memory, and a data source which communicates data with the non-volatile memory under the control of the SoC.
  • According to an exemplary embodiment of the present inventive concept, a system on chip (SoC) includes a memory controller configured to control a non-volatile memory, and an encryption/decryption engine directly connected to the memory controller and configured to encrypt or decrypt data. The SoC controls transmission of data between a data source (e.g., a device outside the SoC) and the non-volatile memory. The memory controller and the engine correspond to a first data path for transmitting data.
  • According to an exemplary embodiment of the present inventive concept, an electronic device includes a data source; a non-volatile memory; and a system on chip (SoC) which controls transmission of data between the data source and the non-volatile memory. The SoC may include a memory controller which controls the non-volatile memory; and an encryption/decryption engine which is directly connected to the memory controller and encrypts or decrypts the data. The encryption/decryption engine may encrypt or decrypt the data by using an encryption key that is stored in a one-time programmable (OTP) memory.
  • According to an exemplary embodiment of the inventive concept, a system on chip (SoC) includes a data bus, a main memory controller configured to output plain data to the bus, an engine configured to encrypt the plain data from the bus into cipher data using a key, a NVM controller, a first electrical path connecting the bus to the NVM controller to bypass the encryption engine, and a second electrical path connecting the bus to the NVM controller through the encryption engine. The SoC activates only the first electrical path (e.g., deactivates the second electrical path) in a non-secure mode for sending the plain data from the bus to the NVM controller. The SoC activates only the second electrical path (e.g., deactivates the first electrical path) in a secure mode for sending the plain data to the engine and the cipher data from the engine to the NVM controller.
  • The first electrical path may include a path of the plain text through a multiplexer and a demultiplexer to the NVM controller. The second electrical path may include a path of the plain data through the multiplexer to the engine and a path of the cipher data through the demultiplexer to the NVM controller. The SoC may further include an OTP configured to provide a same selection signal to the multiplexer and the demultiplexer for activating one of the first and second electrical paths. The engine may be configured to decrypt cipher data received from the NVM controller across the second electrical path.
  • BRIEF DESCRIPTION OF THE DRAWINGS
  • FIG. 1 is a block diagram of a system including a system on chip (SoC) according to an exemplary embodiment of the inventive concept;
  • FIG. 2 is a block diagram of the SoC illustrated in FIG. 1 according to an exemplary embodiment of the inventive concept;
  • FIG. 3 is a conceptual diagram for describing a secure mode in which an encryption key can be input to an encryption/decryption engine illustrated in FIG. 2;
  • FIG. 4 is a block diagram of the SoC illustrated in FIG. 1 according to an exemplary embodiment of the inventive concept;
  • FIG. 5 is a block diagram of the SoC illustrated in FIG. 1 according to an exemplary embodiment of the inventive concept;
  • FIG. 6 is a block diagram of the SoC illustrated in FIG. 1 according to an exemplary embodiment of the inventive concept;
  • FIG. 7 is a block diagram of the SoC illustrated in FIG. 1 according to an exemplary embodiment of the inventive concept;
  • FIG. 8 is a block diagram of a selection circuit and an encryption/decryption engine illustrated in FIG. 7 according to an exemplary embodiment of the inventive concept;
  • FIG. 9 is a block diagram of the SoC illustrated in FIG. 1 according to an exemplary embodiment of the inventive concept;
  • FIG. 10 is a flowchart of a method of operating an SoC, according to an exemplary embodiment of the inventive concept;
  • FIG. 11 is a flowchart of a method of operating an SoC, according to an exemplary embodiment of the inventive concept;
  • FIG. 12 is a flowchart of a method of operating an SoC, according to an exemplary embodiment of the inventive concept;
  • FIG. 13 is a flowchart of a method of operating an SoC, according to an exemplary embodiment of the inventive concept;
  • FIG. 14 is a block diagram of a data processing device including the system of FIG. 1, according to an exemplary embodiment of the inventive concept;
  • FIG. 15 is a block diagram of a data processing device including the system of FIG. 1, according to an exemplary embodiment of the inventive concept;
  • FIG. 16 is a block diagram of a data processing device including the system of FIG. 1, according to an exemplary embodiment of the inventive concept;
  • FIG. 17 is a block diagram of a system-in package including the SoC illustrated in FIG. 1, according to an exemplary embodiment of the inventive concept, and a non-volatile memory device illustrated in FIG. 1; and
  • FIG. 18 is a block diagram of a system-in package including the SoC illustrated in FIG. 1, according to an exemplary embodiment of the inventive concept.
  • DETAILED DESCRIPTION
  • Herein, when one device is described as transmitting data to another device, the data is either transmitted from the one device directly (e.g., “directly transmitted”) or indirectly (e.g., “indirectly transmitted”) to the other device. In an exemplary embodiment where the one device directly transmits the data, the data is transmitted from the one device to the other device without passing through another device except a wire. In an exemplary embodiment where one device directly transmits the data, the data is transmitted from the one device to the other device through a multiplexer or a demultiplexer without using additional devices.
  • Herein, when one device is described as being connected to another device, these devices may be directly connected to one another (e.g., “connected directly”) or indirectly connected (e.g., “connected indirectly”) to one another. In an embodiment where the two devices are directly connected to one another, no devices are present between the two devices except a wire. In an embodiment where two devices are directly connected to one another, no devices are present between the two devices other than a multiplexer or a demultiplexer.
  • It is to be understood that the apparatuses and methods described herein may be implemented in various forms of hardware, software, firmware, special purpose processors, or a combination thereof. In particular, a portion of the present inventive concept may be implemented as an application comprising program instructions that are tangibly embodied on one or more program storage devices or computer readable media (e.g., hard disk, magnetic floppy disk, RAM, ROM, CD ROM, etc.) and executable by any device or machine comprising suitable architecture, such as a general purpose digital computer having a processor, memory, and input/output interfaces. It is to be further understood that, because some of the constituent apparatus components and process steps depicted in the accompanying figures may be implemented in software, the connections between apparatus modules (or the logic flow of method steps) may differ depending upon the manner in which the present inventive concept is programmed.
  • FIG. 1 is a block diagram of a system 10 including a system on chip (SoC) 100 according to an exemplary embodiment of the present inventive concept. Referring to FIG. 1, the system 10 includes the SoC 100, a non-volatile memory device 200, and a main memory 300.
  • The system 10 may be implemented by using a personal computer (PC), a data server, or a portable device. For example, the portable device may be implemented by using a laptop computer, a mobile phone, a smart phone, a tablet PC, a personal digital assistant (PDA), an enterprise digital assistant (EDA), a digital still camera, a digital video camera, a portable multimedia player (PMP), a personal (or portable) navigation device (PND), a handheld game console, or an e-book.
  • The SoC 100 may control data transmission and reception between the non-volatile memory device 200 and the main memory 300. A structure and an operation of the SoC 100 will be described in detail later with reference to FIGS. 2 and 4 to 9.
  • The non-volatile memory device 200 may store a variety of programs and data. The non-volatile memory device 200 may be implemented by using an electrically erasable programmable read-only memory (EEPROM), a flash memory, a magnetic random access memory (MRAM), a spin-transfer torque MRAM, a conductive bridging RAM (CBRAM), a ferroelectric RAM (FeRAM), a phase change RAM (PRAM), a resistive RAM (RRAM), a nanotube RRAM, a polymer RAM (PoRAM), a nano floating gate memory (NFGM), a holographic memory, a molecular electronics memory device, an insulator resistance change memory, or the like.
  • The main memory 300 may receive programs which are to be executed in the SoC 100 and data required by the SoC 100, from the non-volatile memory device 200 via the SoC 100. The main memory 300 may transmit data that is to be stored, to the non-volatile memory device 200 via the SoC 100. The main memory 300 may be implemented by using a RAM, for example, a dynamic RAM (DRAM) or a static RAM (SRAM), which is a volatile memory. However, the main memory 300 is not limited to a RAM, DRAM, or SRAM, as different types of memories may be used.
  • FIG. 2 is a block diagram of an SoC 100A, which is an embodiment of the SoC 100 of FIG. 1. Referring to FIG. 2, the SoC 100A includes a bus 110, a central processing unit (CPU) 120, a memory controller 130, a non-volatile memory controller 140, and an encryption/decryption engine 150.
  • The CPU 120 may be connected to the bus 110 and may control the entire operation of the SoC 100A. The memory controller 130 may control an operation of the main memory 300, for example, a read or write operation. The memory controller 130 may be connected to the bus 110.
  • The non-volatile memory controller 140 may control a data access operation of the non-volatile memory device 200, for example, a write operation, a read operation, a program operation, or an erase operation.
  • The encryption/decryption engine 150 may convert, namely, encrypt, plain data received from the main memory 300 via the memory controller 130 and the bus 110, into cipher data (e.g., encrypted data). The encryption/decryption engine 150 may transmit the cipher data directly, for example, on-the-fly, to the non-volatile memory controller 140 without passing through the bus 110.
  • In an exemplary embodiment, the encryption/decryption engine 150 receives cipher data directly, for example, on-the-fly, from the non-volatile memory controller 140 without passing through the bus 110. The encryption/decryption engine 150 may convert, for example, decrypt, the cipher data into plain data (e.g., un-encrypted data).
  • An encryption key may be used in encryption or decryption of the encryption/decryption engine 150. In an exemplary embodiment, the encryption/decryption engine 150 includes a storage medium (not shown) which stores the encryption key. For example, the storage medium could be a register, a latch, flash memory, etc. According to an exemplary embodiment, the encryption key is input to the storage medium only in a secure mode. The secure mode will be described later with reference to FIG. 3.
  • The encryption/decryption engine 150 may encrypt or decrypt data in units of blocks of a predetermined size, for example, 64 bits, 128 bits, or 256 bits.
  • When the encryption/decryption engine 150 encrypts or decrypts in units of blocks, an encryption key and an algorithm which are used in encryption or decryption may be applied to each block. As an example, the algorithm may be a data encryption standard (DES) algorithm or an advanced encryption standard (AES) algorithm. However, the algorithm is not limited thereto, as other encryption or decryption algorithms may be used.
  • The secure mode may determine the method used by the encryption/decryption engine 150 to convert data, for example, encrypt or decrypt data in units of blocks. Examples of the secure mode include an electronic code book (ECB) mode, a cipher block chaining (CBC) mode, a propagating cipher block chaining (PCBC) mode, or a cipher feedback (CFB) mode. In ECB, each block is encrypted independently. In CBC, each block of plaintext (e.g., un-encrypted data) is XORed with the previous ciphertext block (e.g., encrypted data) before being encrypted. PCBC is a variation on CBC and is designed to extend or propagate a single bit error in the ciphertext to allow errors in transmission to be captured and the resultant plaintext to be rejected. In CFB, data may be encrypted in units smaller than the block size. However, the secure mode is not limited to being set to one of the modes described above.
  • In a write data path WP when data is written to the non-volatile memory device 200, plain data (e.g., un-encrypted data) output from the main memory 300 is transmitted to the CPU 120 via the memory controller 130 and the bus 110, and is then transmitted from the CPU 120 to the encryption/decryption engine 150 via the bus 110. In other words, the plain data is transmitted to the encryption/decryption engine 150 under the control of the CPU 120.
  • The encryption/decryption engine 150 may convert the plain data into cipher data by using an encryption key. The cipher data may be transmitted to the non-volatile memory device 200 via the non-volatile memory controller 140. In a read data path RP when data is read from the non-volatile memory device 200, cipher data output from the non-volatile memory device 200 is transmitted to the encryption/decryption engine 150 via the non-volatile memory controller 140.
  • The encryption/decryption engine 150 may convert the cipher data into plain data by using a decryption key. The decryption key may or may not be the same as an encryption key. The plain data may be transmitted to the CPU 120 via the bus 110 and then transmitted from the CPU 120 to the main memory 300 via the bus 110 and the memory controller 130. In other words, the plain data may be transmitted to the main memory 300 via the bus 110 and the memory controller 130 under the control of the CPU 120.
  • FIG. 3 is a conceptual diagram for describing a secure mode in which an encryption key or a decryption key can be input to the encryption/decryption engine 150 illustrated in FIG. 2. Referring to FIGS. 2 and 3, a general operating system (OS) may manage hardware and may be installed in the hardware to execute an application program.
  • A secure OS may also be installed in the hardware to execute a secure application program that requires security, independently from a general operating system (OS). The secure OS may be implemented by using a real time operating system (RTOS). For example, the RTOS may be used to execute an application program, which needs to be completed within a predetermined period of time, for example, a secure application program. The secure OS may be a trusted operating system that provides sufficient support for multilevel security and evidence of correctness to meet a particular set of government requirements.
  • A non-secure mode may denote an example where the application program is executed by the general OS, and a secure mode may denote an example where the secure application program is executed by the secure OS.
  • In an exemplary embodiment, while the secure application program is executed in the secure mode, the CPU 120 inputs an encryption key or a decryption key to the encryption/decryption engine 150. In an exemplary embodiment, the encryption/decryption engine 150 has access to an encryption key or a decryption key stored within itself or outside the encryption/decryption engine 150. In an exemplary embodiment, while the secure application program is executed in the secure mode, an encryption key or a decryption key may be changed or re-set. For example, when the key is changed, the next encryption/decryption that occurs uses the updated key.
  • FIG. 4 is a block diagram of an SoC 100B which is an exemplary embodiment of the SoC 100 of FIG. 1. Referring to FIGS. 1 to 4, the SoC 100B includes a bus 110, a CPU 120, a memory controller 130, a non-volatile memory controller 140, an encryption/decryption engine 150, and a one-time programmable (OTP) memory 160. In an exemplary embodiment, the OTP memory 160 stores an encryption key or decryption key that is used in encryption or decryption by the encryption/decryption engine 150.
  • In an exemplary embodiment, the OTP memory 160 is implemented by using a fuse, an anti-fuse, or an e-fuse. In an exemplary embodiment, an anti-fuse is an electrical device that performs the opposite function to a fuse. For example, whereas a fuse starts with a low resistance and is designed to permanently break an electrically conductive path (e.g., when the current through the path exceeds a specified limit), an anti-fuse starts with a high resistance and is designed to permanently create an electrically conductive path (e.g., when the voltage across the anti-fuse exceeds a certain level). In an exemplary embodiment, an e-fuse allows for dynamic real-time reprogramming of computer chips.
  • In contrast with the SoC 100A of FIG. 2, in the SoC 100B of FIG. 4, the CPU 120 may be implemented so that it is prevented from accessing an encryption key or a decryption key stored in the OTP memory 160, even when a secure application program is executed in a secure mode. For example, the CPU 120 may be implemented so that it is prevented from reading, writing, or erasing the stored key. A write data path WP and a read data path RP of the SoC 100B of FIG. 4 are substantially the same as those of the SoC 100A of FIG. 2, respectively, except that an encryption key or a decryption key that may be used in encryption or decryption of data is provided by the OTP memory 160 to the encryption/decryption engine 150.
  • FIG. 5 is a block diagram of an SoC 100C which is an exemplary embodiment of the SoC 100 illustrated in FIG. 1. Referring to FIGS. 1 and 5, the SoC 100C includes a bus 110, a CPU 120, a memory controller 130, a non-volatile memory controller 140, an encryption/decryption engine 150, an OTP memory 160, and a direct memory access (DMA) unit 170.
  • The DMA unit 170 may access the main memory 300 or the non-volatile memory device 200 via a component (e.g., the memory controller 130, the non-volatile memory controller 140, or the encryption/decryption engine 150) without passing data through the CPU 120. In this example, the DMA unit 170 may be connected to the bus 110.
  • In a write data path WP when data is written to the non-volatile memory device 200, plain data output from the main memory 300 is transmitted to the DMA unit 170 via the memory controller 130 and the bus 110. The plain data is transmitted from the DMA unit 170 to the encryption/decryption engine 150 via the bus 110.
  • The encryption/decryption engine 150 converts the plain data into cipher data. The cipher data output from the encryption/decryption engine 150 may be transmitted directly to the non-volatile memory controller 140 and then to the non-volatile memory device 200. In other words, the encryption/decryption engine 150 may transmit the cipher data directly, for example, on-the-fly, to the non-volatile memory controller 140.
  • In a read data path RP when data is read from the non-volatile memory device 200, cipher data output from the non-volatile memory device 200 is transmitted to the encryption/decryption engine 150 via the non-volatile memory controller 140. In other words, the encryption/decryption engine 150 may receive cipher data directly, for example, on-the-fly, from the non-volatile memory controller 140.
  • The encryption/decryption engine 150 converts the cipher data into plain data. The plain data is transmitted to the DMA unit 170 via the bus 110. The plain data may be transmitted from the DMA unit 170 to the main memory 300 via the bus 110 and the memory controller 130.
  • FIG. 6 is a block diagram of an SoC 100D which is an exemplary embodiment of the SoC 100 illustrated in FIG. 1. Referring to FIGS. 1 and 6, the SoC 100D includes a bus 110, a CPU 120, a memory controller 130, a non-volatile memory controller 140, an encryption/decryption engine 150, an OTP memory 160, and a DMA unit 170.
  • The DMA unit 170 may be connected between the bus 110 and the encryption/decryption engine 150. Data may be transmitted on-the-fly between the DMA unit 170 and the encryption/decryption engine 150.
  • In a write data path WP when data is written to the non-volatile memory device 200, plain data output from the main memory 300 is transmitted to the encryption/decryption engine 150 via the memory controller 130, the bus 110, and the DMA unit 170.
  • The encryption/decryption engine 150 may convert, for example, encrypt, the plain data into cipher data. The cipher data may be transmitted to the non-volatile memory device 200 via the non-volatile memory controller 140. In this example, the encryption/decryption engine 150 may transmit the cipher data directly, for example, on-the-fly, to the non-volatile memory controller 140.
  • In a read data path RP when data is read from the non-volatile memory device 200, cipher data output from the non-volatile memory device 200 is transmitted to the encryption/decryption engine 150 via the non-volatile memory controller 140. In this example, the encryption/decryption engine 150 may receive the cipher data directly, for example, on-the-fly, from the non-volatile memory controller 140.
  • The encryption/decryption engine 150 may convert, for example, decrypt, the cipher data into plain data. The plain data may be transmitted to the main memory 300 via the DMA unit 170, the bus 110, and the memory controller 130.
  • FIG. 7 is a block diagram of an SoC 100E which is an exemplary embodiment of the SoC 100 illustrated in FIG. 1. Referring to FIGS. 1, 3, and 7, the SoC 100E includes a bus 110, a CPU 120, a memory controller 130, a non-volatile memory controller 140, an encryption/decryption engine 150, an OTP memory 160, a DMA unit 170, a register 180, and a selection circuit 190.
  • The register 180 may be connected to the bus 110. The register 180 may operate as a selection signal generator that generates a selection signal SEL. The register 180 may change the selection signal SEL based on whether the CPU 120 executes a secure application program, that is, based on an indication signal that indicates a secure mode. The indication signal may be output by the CPU 120. For example, the indication signal may be a logic high in a secure mode, and the indication signal may be a logic low in a non-secure mode.
  • The selection circuit 190 may select a data path according to the selection signal SEL output by the register 180. An exemplary structure and an operation of the selection circuit 190 will now be described with reference to FIG. 8.
  • FIG. 8 is a block diagram of the selection circuit 190 and the encryption/decryption engine 150 illustrated in FIG. 7 according to an exemplary embodiment of the inventive concept. Referring to FIGS. 3, 7, and 8, the selection circuit 190 includes a first selector 192 and a second selector 194. The first selector 192 may be implemented by using a demultiplexer, and the second selector 194 may be implemented by using a multiplexer.
  • For example, when the selection signal SEL is a logic high, the selection circuit 190 selects a data path including the encryption/decryption engine 150. When the CPU 120 executes a secure application program, that is, in a secure mode, the selection circuit 190 selects the data path including the encryption/decryption engine 150. In an exemplary embodiment, when the selection signal SEL is a logic low, the selection circuit 190 selects a data path excluding the encryption/decryption engine 150, that is, a bypass path. For example, when the CPU 120 performs a general application program, that is, in a non-secure mode, the selection circuit 190 may select the data path excluding the encryption/decryption engine 150, that is, the bypass path.
  • FIG. 9 is a block diagram of an SoC 100F which is an exemplary embodiment of the SoC 100 illustrated in FIG. 1. Referring to FIGS. 1, 8, and 9, the SoC 100F includes a bus 110, a CPU 120, a memory controller 130, a non-volatile memory controller 140, an encryption/decryption engine 150, an OTP memory 160, a DMA unit 170, a second OTP memory 182, and a selection circuit 190.
  • In an exemplary embodiment, the second OTP memory 182 operates as a selection signal generator that generates a selection signal SEL. In an exemplary embodiment, the OTP memory 182 is programmed to generate a selection signal SEL having one logic level, for example, a logic high level. In this embodiment, the selection circuit 190 selects only the data path including the encryption/decryption engine 150.
  • FIG. 10 is a flowchart of a method of operating an SoC, according to an exemplary embodiment of the present inventive concept. Referring to FIGS. 2, 4 to 7, 9, and 10, the encryption/decryption engine 150 converts, for example, encrypts, plain data into cipher data by using an encryption key (S10). The encryption/decryption engine 150 may transmit the cipher data directly, for example, on-the-fly, to the non-volatile memory controller 140 (S12). Since the encryption key is present within the SoC 100 and is not output outside the SoC 100, a probe of communications between the SoC and the other memory devices (e.g., 200 and 300) will not discover the key.
  • FIG. 11 is a flowchart of a method of operating an SoC, according to an exemplary embodiment of the present inventive concept. Referring to FIGS. 5 to 7, 9, and 10, the encryption/decryption engine 150 receives plain data from the DMA unit 170 (S20). In an exemplary embodiment, the encryption/decryption engine 150 receives the plain data directly, for example, on-the-fly, from the DMA unit 170. Then, similar to FIG. 10, the engine 150 encrypts the plain data into cipher data (S10) and transmits the cipher data directly to the non-volatile memory controller (S12).
  • FIG. 12 is a flowchart of a method of operating an SoC, according to an exemplary embodiment of the present inventive concept. Referring to FIGS. 2, 4 to 7, 9, and 10, the encryption/decryption engine 150 receives cipher data directly, for example, on-the-fly, from the non-volatile memory controller 140 (S30). The encryption/decryption engine 150 decrypts the cipher data into plain data (S32).
  • FIG. 13 is a flowchart of a method of operating an SoC, according to an exemplary embodiment of the present inventive concept. Similar to FIG. 12, the engine 150 receives cipher data directly from the non-volatile memory controller (S30) and decrypts the cipher data into plain data (S32). Referring to FIGS. 5 to 7, 9, and 13, the encryption/decryption engine 150 transmits the plain data to the DMA unit 170 (S34). In an exemplary embodiment, the encryption/decryption engine 150 transmits plain data directly, for example, on-the-fly, to the DMA unit 170.
  • FIG. 14 is a block diagram of a data processing device 400 including the system 10 of FIG. 1, according to an exemplary embodiment of the present inventive concept. Referring to FIGS. 1 and 14, the data processing device 400 may be implemented by using a personal computer (PC) or a data server.
  • The data processing device 400 includes a processor 100, a storage device 200, a memory 300, a power source 410, input/output (I/O) ports 420, an expansion card 430, a network device 440, and a display 450. The data processing device 400 may further include a camera module 460. In an exemplary embodiment, one or more of the elements of the processing device 400 may be omitted.
  • The processor 100 may correspond to the SoC 100 of FIG. 1. The processor 100 may be a multi-core processor. In an exemplary embodiment, the processor 100 includes the SoC 100 of FIG. 1. The processor 100 may control the operation of at least one of the elements 200, 300, and 410-460.
  • The storage device 200 may correspond to the non-volatile memory device 200 of FIG. 1. The storage device 200 may be implemented by using a hard disk drive or a solid state drive (SSD).
  • The memory 300 may correspond to the main memory 300 of FIG. 1. The memory 300 may be implemented by using a volatile memory or a non-volatile memory. In an exemplary embodiment, the memory controller 140 of FIG. 2 is capable of controlling a data access operation, for example, a read operation, a write operation (or a program operation), or an erase operation, with respect to the memory 300. The memory 300 may be integrated into or embedded in the processor 100.
  • The power source 410 may supply an operational voltage to at least one of the elements 100, 200, 300, and 420-460. The I/O ports 420 may be capable of transmitting data to the storage device 200 or transmitting data output from the storage device 200 to an external device. For example, the I/O ports 420 may be a port for connecting a pointing device, such as a computer mouse, to the data processing device 400, a port for connecting a printer to the data processing device 400, or a port for connecting a universal serial bus (USB) drive to the data processing device 400.
  • The expansion card 430 may be implemented by using a secure digital (SD) card or a multimedia card (MMC). In an exemplary embodiment, the expansion card 430 is a Subscriber Identification Module (SIM) card or a Universal Subscriber Identity Module (USIM) card.
  • The network device 440 may correspond to a device capable of connecting the storage device 200 to a wired or wireless network. The display 450 may display data output from the storage device 200, the memory 300, the I/O ports 420, the expansion card 430, or the network device 440.
  • The camera module 460 may be capable of converting an optical image into an electrical image. Accordingly, an electrical image output from the camera module 460 may be stored in the storage device 200, the memory 300, or the expansion card 430. The electrical image output from the camera module 460 may be displayed on the display 450.
  • FIG. 15 is a block diagram of a data processing device 500 including the system 10 of FIG. 1, according to an exemplary embodiment of the present inventive concept. As an example, the data processing device 500 may be implemented by using a laptop computer.
  • Similar to the data processing device 400 of FIG. 14, the data processing device 500 of FIG. 15 includes a processor 100, a storage device 200, a memory 300, a power source 510, input/output (I/O) ports 520, an expansion card 530, a network device 540, and a display 550. The data processing device 500 may further include a camera module 560. In an exemplary embodiment, one or more of the elements of the processing device 500 may be omitted.
  • FIG. 16 is a block diagram of a data processing device 600 including the system 10 of FIG. 1, according to an exemplary embodiment of the present inventive concept. Referring to FIGS. 1 and 16, the data processing device 600 may be implemented by using a portable device.
  • The portable device may be implemented by using a mobile phone, a smart phone, a tablet PC, a personal digital assistant (PDA), an enterprise digital assistant (EDA), a digital still camera, a digital video camera, a portable multimedia player (PMP), a personal (or portable) navigation device (PND), a handheld game console, or an e-book.
  • Similar to the data processing device 400 of FIG. 14, the data processing device 600 of FIG. 16 includes a processor 100, a storage device 200, a memory 300, a power source 610, input/output (I/O) ports 620, an expansion card 630, a network device 640, and a display 650. The data processing device 600 may further include a camera module 660. In an exemplary embodiment, one or more of the elements of the processing device 600 may be omitted.
  • FIG. 17 is a block diagram of a system-in package (SiP) 700 including the SoC 100 of FIG. 1, according to an exemplary embodiment of the present inventive concept, and the non-volatile memory device 200 of FIG. 1. FIG. 18 is a block diagram of a SiP 700′ including the SoC 100 of FIG. 1, according to an embodiment of the present inventive concept. In an exemplary embodiment, a SiP may be referred to as a Chip Stack MCM (multi chip module). A SiP may include a number of integrated circuits enclosed in a single module or package.
  • Referring to FIGS. 1 and 17, the SoC 100 and the main memory 300 are packaged into the SiP 700. Thus, the non-volatile memory 200 is located outside the SiP 700 and may be connected to a pin of the SiP 700. Referring to FIGS. 1 and 18, the SoC 100, the non-volatile memory device 200, and the main memory 300 are all packaged into the SiP 700′.
  • An SoC according to an exemplary embodiment of the present inventive concept encrypts data within the SoC, and thus a probe of communications between the SoC and other devices may be prevented from accessing un-encrypted data. Further, the SoC according to an exemplary embodiment stores an encryption key for encryption within itself without outputting the key outside itself, and thus the encryption key is prevented from being exposed.
  • In an exemplary embodiment of the inventive concept, software of the SoC is incapable of accessing an encryption key used for encryption, which may prevent the encryption key from being leaked due to hacking. Since the software of the SoC does not participate in encryption, a burden on the software is reduced. In an exemplary embodiment, the SoC includes a directly connected encryption/decryption engine and a memory controller, thereby yielding a shortened data transmission path within the SoC. Therefore, the SoC may have improved performance.
  • Although exemplary embodiments of the present inventive concept have been shown and described, it will be appreciated by those skilled in the art that various changes may be made in these embodiments without departing from the spirit and scope of the inventive concept.
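The ECB, CBC and PCBC behaviour described above for the encryption/decryption engine 150 can be checked with the following added example, which is not part of the patent: it chains blocks in each mode, counts repeated ciphertext blocks, and measures how far a single flipped ciphertext bit spreads on decryption. The block cipher is a 4-round Feistel stand-in built on SHA-256 (an assumption for illustration, not DES or AES, and not secure); KEY, IV and SAMPLE are constructed values, and CFB is left out.

```python
import hashlib

BLOCK = 16                       # bytes; 128-bit blocks, one of the sizes listed
KEY = b"constructed-demo-key"    # constructed sample key
IV = bytes(range(BLOCK))         # constructed initialisation vector
# Constructed sample: three identical blocks followed by three distinct ones.
SAMPLE = b"A" * 48 + b"B" * 16 + b"C" * 16 + b"D" * 16


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key, rnd, half):
    """Round function of the stand-in Feistel cipher (not DES/AES)."""
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:BLOCK // 2]


def enc_block(key, blk):
    left, right = blk[:BLOCK // 2], blk[BLOCK // 2:]
    for rnd in range(4):
        left, right = right, _xor(left, _f(key, rnd, right))
    return left + right


def dec_block(key, blk):
    left, right = blk[:BLOCK // 2], blk[BLOCK // 2:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _f(key, rnd, left)), left
    return left + right


def split(data):
    if len(data) % BLOCK:
        raise ValueError("data must be a whole number of blocks")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def encrypt(mode, key, iv, plain):
    out, prev = [], iv
    for p in split(plain):
        if mode == "ECB":        # every block on its own
            c = enc_block(key, p)
        elif mode == "CBC":      # chain on the previous ciphertext block
            c = enc_block(key, _xor(p, prev))
            prev = c
        elif mode == "PCBC":     # chain on previous plaintext XOR ciphertext
            c = enc_block(key, _xor(p, prev))
            prev = _xor(p, c)
        else:
            raise ValueError("unsupported mode: " + mode)
        out.append(c)
    return b"".join(out)


def decrypt(mode, key, iv, cipher):
    out, prev = [], iv
    for c in split(cipher):
        if mode == "ECB":
            p = dec_block(key, c)
        elif mode == "CBC":
            p = _xor(dec_block(key, c), prev)
            prev = c
        elif mode == "PCBC":
            p = _xor(dec_block(key, c), prev)
            prev = _xor(p, c)
        else:
            raise ValueError("unsupported mode: " + mode)
        out.append(p)
    return b"".join(out)


def repeated_blocks(cipher):
    """Number of ciphertext blocks that duplicate an earlier block."""
    blocks = split(cipher)
    return len(blocks) - len(set(blocks))


def damaged_blocks(mode, key, iv, plain, flip_block=1):
    """Indexes of plaintext blocks that change when one bit of the
    ciphertext block `flip_block` is flipped before decryption."""
    cipher = bytearray(encrypt(mode, key, iv, plain))
    cipher[flip_block * BLOCK] ^= 0x01
    got = split(decrypt(mode, key, iv, bytes(cipher)))
    return [i for i, (a, b) in enumerate(zip(split(plain), got)) if a != b]


if __name__ == "__main__":
    for mode in ("ECB", "CBC", "PCBC"):
        ct = encrypt(mode, KEY, IV, SAMPLE)
        print(mode, "repeated blocks:", repeated_blocks(ct),
              "damaged by one bit flip:", damaged_blocks(mode, KEY, IV, SAMPLE))
```

For data at rest in the non-volatile memory device 200, the repeated-block count is what an observer of the stored cipher data can see without the key, and the damaged-block list is how much plain data a single corrupted stored bit costs in each mode.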
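As an added illustration, not code from the patent, the model below traces what reaches the non-volatile memory when the selection signal SEL comes from the register 180 (SoC 100E) versus the second OTP memory 182 (SoC 100F), and how key loading is limited to the secure mode. Class and function names are hypothetical, the stored strings and key are constructed, and the engine transform is a keyed XOR stand-in rather than a real cipher.

```python
import hashlib


class Engine:
    """Behavioural stand-in for the encryption/decryption engine 150."""

    def __init__(self, otp_key=None):
        # With an OTP memory 160 the key is fixed and the CPU cannot touch it.
        self._key = otp_key
        self._otp = otp_key is not None

    def load_key(self, key, secure):
        """CPU key write: accepted only in secure mode, never over an OTP key."""
        if self._otp or not secure:
            return False
        self._key = key
        return True

    def transform(self, addr, data):
        """Keyed XOR stand-in (assumption, not DES/AES); it is its own inverse."""
        if self._key is None:
            raise RuntimeError("engine has no key loaded")
        if len(data) > 32:
            raise ValueError("model handles at most 32 bytes per address")
        stream = hashlib.sha256(self._key + addr.to_bytes(4, "big")).digest()
        return bytes(a ^ b for a, b in zip(data, stream))


class SoC:
    """Data path with the selection circuit 190 in front of the NVM controller."""

    def __init__(self, engine, sel_source):
        if sel_source not in ("register", "otp"):
            raise ValueError("sel_source must be 'register' or 'otp'")
        self.engine = engine
        self.sel_source = sel_source
        self.secure = False   # indication signal output by the CPU
        self.nvm = {}         # address -> bytes as stored outside the SoC

    def sel(self):
        # Register 180 follows the secure-mode indication; OTP 182 is fixed high.
        return True if self.sel_source == "otp" else self.secure

    def write(self, addr, plain):
        # SEL high: path through the engine. SEL low: bypass path.
        self.nvm[addr] = self.engine.transform(addr, plain) if self.sel() else plain

    def read(self, addr):
        stored = self.nvm[addr]
        return self.engine.transform(addr, stored) if self.sel() else stored


def probe(soc, needle):
    """Addresses where a probe on the NVM side would see `needle` in the clear."""
    return sorted(addr for addr, value in soc.nvm.items() if needle in value)


def scenario(sel_source):
    """One secure-mode write and one non-secure write, then non-secure reads."""
    soc = SoC(Engine(otp_key=b"constructed-otp-key"), sel_source)
    soc.secure = True
    soc.write(0, b"secure-app record")
    soc.secure = False
    soc.write(1, b"general-app record")
    return {
        "plaintext_on_nvm": probe(soc, b"record"),
        "nonsecure_read_of_0": soc.read(0),
        "nonsecure_read_of_1": soc.read(1),
    }


if __name__ == "__main__":
    for source in ("register", "otp"):
        print(source, scenario(source))
```

With the register as the SEL source, the non-secure write is stored unencrypted and a non-secure read of the secure-mode block returns cipher data; with the OTP source every access goes through the engine.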

Claims (30)

What is claimed is:
1. A method of operating a system on chip (SoC), the method comprising:
converting plain data into cipher data by an engine within the SoC using an encryption key; and
transmitting, by the engine, the cipher data directly to a memory controller within the SoC,
wherein the memory controller controls an operation of a non-volatile memory.
2. The method of claim 1, wherein prior to the converting, the method comprises the SoC reading the plain data from a main memory via a bus under the control of a central processing unit (CPU).
3. The method of claim 1, wherein prior to the converting, the method comprises a direct memory access (DMA) unit within the SoC outputting the plain data to the engine.
4. The method of claim 1, wherein prior to the converting, the method comprises a one-time programmable (OTP) memory within the SoC outputting the encryption key to the engine.
5. The method of claim 1, wherein prior to the converting, the method comprises outputting the encryption key to the engine only while a secure program is being executed.
6. The method of claim 1, wherein the converting comprises converting the plain data into the cipher data in units of blocks.
7. A method of operating a system on chip (SoC), the method comprising:
receiving, by an engine within the SoC, cipher data directly from a memory controller within the SoC, wherein the memory controller controls an operation of a non-volatile memory; and
converting, by the engine, the cipher data into plain data using an encryption key.
8. The method of claim 7, wherein prior to the converting, the method comprises transmitting the plain data from a direct memory access (DMA) unit within the SoC to the engine.
9. The method of claim 7, wherein prior to the converting, the method comprises a one-time programmable (OTP) memory within the SoC outputting the encryption key to the engine.
10. The method of claim 7, wherein prior to the converting, the method comprises outputting the encryption key to the engine only while a secure program is being executed.
11. The method of claim 7, wherein the converting comprises converting the cipher data into the plain data in units of blocks.
12. A system on chip (SoC) comprising:
an encryption/decryption engine which encrypts first plain data into first cipher data or decrypts second cipher data into second plain data, using an encryption key; and
a memory controller directly connected to the encryption/decryption engine, wherein the memory controller transmits the first cipher data to a non-volatile memory or receives the second cipher data from the non-volatile memory.
13. The SoC of claim 12, further comprising a one-time programmable (OTP) memory which stores the encryption key.
14. The SoC of claim 12, further comprising a direct memory access (DMA) unit that receives the first plain data from a device outside the SoC and transmits the first plain data to the encryption/decryption engine or transmits the second plain data received from the encryption/decryption engine to the device.
15. The SoC of claim 14, wherein the DMA unit is directly connected to the encryption/decryption engine.
16. The SoC of claim 12, further comprising a central processing unit CPU which controls transmission of the first plain data or the second plain data between a device outside the SoC and the encryption/decryption engine.
17. A system-in package comprising:
the SoC of claim 12; and
a device which communicates data with the non-volatile memory under the control of the SoC.
18. A system-in package comprising:
the SoC of claim 12;
the non-volatile memory; and
a device which communicates data with the non-volatile memory under the control of the SoC.
19. A system on chip (SoC) comprises:
a memory controller configured to control a non-volatile memory; and
an encryption/decryption engine directly connected to the memory controller and configured to encrypt or decrypt data,
wherein the SoC controls transmission of data between a device outside the SoC and the non-volatile memory, and
wherein the memory controller and the engine correspond to a first data path for transmitting data.
20. The SoC of claim 19, wherein the SoC comprises a one-time programmable (OTP) memory storing a key, and the encryption/decryption engine encrypts or decrypts the data by using the key stored in the (OTP) memory.
21. The SoC of claim 19, wherein the first data path further comprises a direct memory access (DMA) unit which receives data from the device and transmits the data to the encryption/decryption engine or receives data from the encryption/decryption engine and transmits the data to the device.
22. The SoC of claim 21, wherein the DMA unit is directly connected to the encryption/decryption engine.
23. The SoC of claim 22, further comprising a second data path which transmits the data which has not been encrypted.
24. The SoC of claim 23, further comprising a selection circuit which selects either the first data path or the second data path based on a selection signal.
25. The SoC of claim 24, further comprising a selection signal generator which generates the selection signal,
wherein the selection signal generator is a one-time programmable (OTP) memory or a register.
26. A system on chip (SoC) comprising:
a data bus;
a main memory controller configured to output plain data to the bus;
an engine configured to encrypt the plain data from the bus into cipher data using a key;
a non-volatile memory (NVM) controller;
a first electrical path connecting the bus to the NVM controller to bypass the encryption engine; and
a second electrical path connecting the bus to the NVM controller through the encryption engine,
wherein the SoC activates only the first electrical path in a non-secure mode for sending the plain data from the bus to the NVM controller, and
wherein the SoC activates only the second electrical path in a secure mode for sending the plain data to the engine and the cipher data from the engine to the NVM controller.
27. The SoC of claim 26, wherein the first electrical path comprises a path of the plain data through a multiplexer and a demultiplexer to the NVM controller.
28. The SoC of claim 27, wherein the second electrical path comprises a path of the plain data through the multiplexer to the engine and a path of the cipher data through the demultiplexer to the NVM controller.
29. The SoC of claim 28, further comprising a one-time programmable (OTP) configured to provide a same selection signal to the multiplexer and the demultiplexer for activating one of the first and the second electrical paths.
30. The SoC of claim 26, wherein the engine is configured to decrypt cipher data received from the NVM controller across the second electrical path.

US13/718,382 2012-05-04 2012-12-18 System on chip, method of operating the same, and devices including the system on chip Abandoned US20130297948A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US14/702,167 US9489540B2 (en) 2012-05-04 2015-05-01 Memory controller with encryption and decryption engine

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR10-2012-0047743 2012-05-04
KR1020120047743A KR101975027B1 (en) 2012-05-04 2012-05-04 System on chip, operation method thereof, and devices having the same

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US14/702,167 Continuation US9489540B2 (en) 2012-05-04 2015-05-01 Memory controller with encryption and decryption engine

Publications (1)

Publication Number Publication Date
US20130297948A1 (en) 2013-11-07

Family

Family Applications (2)

Application Number Title Priority Date Filing Date
US13/718,382 Abandoned US20130297948A1 (en) 2012-05-04 2012-12-18 System on chip, method of operating the same, and devices including the system on chip
US14/702,167 Active US9489540B2 (en) 2012-05-04 2015-05-01 Memory controller with encryption and decryption engine

Country Status (5)

Country Link
US (2) US20130297948A1 (en)
JP (1) JP6239259B2 (en)
KR (1) KR101975027B1 (en)
CN (1) CN103383668B (en)
DE (1) DE102013104167A1 (en)

Cited By (26)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140244513A1 (en) * 2013-02-22 2014-08-28 Miguel Ballesteros Data protection in near field communications (nfc) transactions
US20150286581A1 (en) * 2014-04-03 2015-10-08 SK Hynix Inc. Memory controller communicating with host, operating method thereof, and computing system including the same
US20160028725A1 (en) * 2014-07-25 2016-01-28 Qualcomm Incorporated Integrated circuit for determining whether data stored in external nonvolative memory is valid
US20160241523A1 (en) * 2015-02-12 2016-08-18 Samsung Electronics Co., Ltd. Secure message transmission apparatus and processing method thereof
WO2017058414A1 (en) * 2015-09-29 2017-04-06 Apple Inc. Unified addressable memory
WO2017105704A1 (en) * 2015-12-14 2017-06-22 Intel Corporation Bidirectional cryptographic io for data streams
WO2017127084A1 (en) 2016-01-21 2017-07-27 Hewlett-Packard Development Company, L.P. Data cryptography engine
US20170317982A1 (en) * 2016-04-30 2017-11-02 Krohne Messtechnik Gmbh Electronic device with an operational unit
US20180011892A1 (en) * 2015-01-29 2018-01-11 Hewlett Packard Enterprise Development Lp Foster twin data structure
US20180011893A1 (en) * 2015-01-29 2018-01-11 Hewlett-Packard Enterprise Development LP Hash index
EP3267304A4 (en) * 2015-04-03 2018-04-04 Huawei Technologies Co. Ltd. Storage partition method and terminal
US20180137294A1 (en) * 2014-06-20 2018-05-17 Cypress Semiconductor Corporation Encryption for xip and mmio external memories
US10169618B2 (en) 2014-06-20 2019-01-01 Cypress Semiconductor Corporation Encryption method for execute-in-place memories
US10261919B2 (en) * 2016-07-08 2019-04-16 Hewlett Packard Enterprise Development Lp Selective memory encryption
CN110443078A (en) * 2019-07-19 2019-11-12 南京芯驰半导体科技有限公司 A kind of safe storage system based on privilege classification
US20200183804A1 (en) * 2018-12-07 2020-06-11 Microsoft Technology Licensing, Llc Flexible microcontroller support for device testing and manufacturing
US10691838B2 (en) 2014-06-20 2020-06-23 Cypress Semiconductor Corporation Encryption for XIP and MMIO external memories
US10896267B2 (en) * 2017-01-31 2021-01-19 Hewlett Packard Enterprise Development Lp Input/output data encryption
EP3809271A4 (en) * 2018-08-15 2021-07-07 Huawei Technologies Co., Ltd. Secure data transfer apparatus, system and method
CN113312000A (en) * 2021-06-04 2021-08-27 河北光兴半导体技术有限公司 Hard disk and storage system
EP3403185B1 (en) * 2016-01-12 2022-01-26 Advanced Micro Devices, Inc. Memory operation encryption
US11244066B2 (en) * 2019-08-05 2022-02-08 Samsung Electronics Co., Ltd. System on chip
US20220237329A1 (en) * 2021-01-22 2022-07-28 Nxp Usa, Inc. System and method for validating trust provisioning operation on system-on-chip
US11416417B2 (en) 2014-08-25 2022-08-16 Western Digital Technologies, Inc. Method and apparatus to generate zero content over garbage data when encryption parameters are changed
US11552801B2 (en) 2019-05-10 2023-01-10 Samsung Electronics Co., Ltd. Method of operating memory system with replay attack countermeasure and memory system performing the same
US20230122094A1 (en) * 2016-05-25 2023-04-20 Samsung Electronics Co., Ltd. Storage system, method, and apparatus for fast io on pcie devices

Families Citing this family (49)

Publication number Priority date Publication date Assignee Title
US10447657B2 (en) * 2008-08-22 2019-10-15 Qualcomm Incorporated Method and apparatus for transmitting and receiving secure and non-secure data
US9607178B2 (en) * 2014-03-20 2017-03-28 Qualcomm Incorporated Protection against key tampering
CN103941119B (en) * 2014-03-27 2016-09-07 北京汇德信科技有限公司 A kind of multifunction programable signal generation parameter test system
KR102208072B1 (en) * 2014-09-01 2021-01-27 삼성전자주식회사 Data processing system
US9660806B2 (en) * 2014-12-30 2017-05-23 International Business Machines Corporation Carbon nanotube array for cryptographic key generation and protection
US9734117B2 (en) * 2015-01-26 2017-08-15 Western Digital Technologies, Inc. Data storage device and method for integrated bridge firmware to be retrieved from a storage system on chip (SOC)
US9560737B2 (en) 2015-03-04 2017-01-31 International Business Machines Corporation Electronic package with heat transfer element(s)
US9779262B2 (en) * 2015-04-20 2017-10-03 Qualcomm Incorporated Apparatus and method to decrypt file segments in parallel
US10426037B2 (en) 2015-07-15 2019-09-24 International Business Machines Corporation Circuitized structure with 3-dimensional configuration
CN106407829A (en) * 2015-07-30 2017-02-15 宇龙计算机通信科技(深圳)有限公司 Fingerprint recognition-based file encryption method and device and mobile terminal
US9578764B1 (en) 2015-09-25 2017-02-21 International Business Machines Corporation Enclosure with inner tamper-respondent sensor(s) and physical security element(s)
US9911012B2 (en) 2015-09-25 2018-03-06 International Business Machines Corporation Overlapping, discrete tamper-respondent sensors
US9894749B2 (en) 2015-09-25 2018-02-13 International Business Machines Corporation Tamper-respondent assemblies with bond protection
US10098235B2 (en) 2015-09-25 2018-10-09 International Business Machines Corporation Tamper-respondent assemblies with region(s) of increased susceptibility to damage
US9924591B2 (en) 2015-09-25 2018-03-20 International Business Machines Corporation Tamper-respondent assemblies
US10175064B2 (en) 2015-09-25 2019-01-08 International Business Machines Corporation Circuit boards and electronic packages with embedded tamper-respondent sensor
US10172239B2 (en) 2015-09-25 2019-01-01 International Business Machines Corporation Tamper-respondent sensors with formed flexible layer(s)
US9591776B1 (en) 2015-09-25 2017-03-07 International Business Machines Corporation Enclosure with inner tamper-respondent sensor(s)
KR102458351B1 (en) * 2015-10-02 2022-10-26 삼성전자주식회사 Authentication apparatus based on public key cryptosystem, mobile device having the same and authentication method thereof
US10143090B2 (en) 2015-10-19 2018-11-27 International Business Machines Corporation Circuit layouts of tamper-respondent sensors
US9978231B2 (en) 2015-10-21 2018-05-22 International Business Machines Corporation Tamper-respondent assembly with protective wrap(s) over tamper-respondent sensor(s)
CN105426793B (en) * 2015-11-17 2018-02-06 无锡江南计算技术研究所 A kind of multi bri device controller encryption and decryption dispatch control method
US9913389B2 (en) 2015-12-01 2018-03-06 International Business Corporation Corporation Tamper-respondent assembly with vent structure
US9555606B1 (en) 2015-12-09 2017-01-31 International Business Machines Corporation Applying pressure to adhesive using CTE mismatch between components
US10327343B2 (en) 2015-12-09 2019-06-18 International Business Machines Corporation Applying pressure to adhesive using CTE mismatch between components
US9554477B1 (en) 2015-12-18 2017-01-24 International Business Machines Corporation Tamper-respondent assemblies with enclosure-to-board protection
US9916744B2 (en) 2016-02-25 2018-03-13 International Business Machines Corporation Multi-layer stack with embedded tamper-detect protection
US9904811B2 (en) 2016-04-27 2018-02-27 International Business Machines Corporation Tamper-proof electronic packages with two-phase dielectric fluid
US9881880B2 (en) 2016-05-13 2018-01-30 International Business Machines Corporation Tamper-proof electronic packages with stressed glass component substrate(s)
US9913370B2 (en) 2016-05-13 2018-03-06 International Business Machines Corporation Tamper-proof electronic packages formed with stressed glass
US9858776B1 (en) 2016-06-28 2018-01-02 International Business Machines Corporation Tamper-respondent assembly with nonlinearity monitoring
US10321589B2 (en) 2016-09-19 2019-06-11 International Business Machines Corporation Tamper-respondent assembly with sensor connection adapter
US10299372B2 (en) 2016-09-26 2019-05-21 International Business Machines Corporation Vented tamper-respondent assemblies
US10271424B2 (en) 2016-09-26 2019-04-23 International Business Machines Corporation Tamper-respondent assemblies with in situ vent structure(s)
US9999124B2 (en) 2016-11-02 2018-06-12 International Business Machines Corporation Tamper-respondent assemblies with trace regions of increased susceptibility to breaking
US10326587B2 (en) * 2016-12-28 2019-06-18 Intel Corporation Ultra-lightweight cryptography accelerator system
US10327329B2 (en) 2017-02-13 2019-06-18 International Business Machines Corporation Tamper-respondent assembly with flexible tamper-detect sensor(s) overlying in-situ-formed tamper-detect sensor
KR20190075363A (en) * 2017-12-21 2019-07-01 삼성전자주식회사 Semiconductor memory device, memory system and memory module including the same
US10715321B2 (en) 2017-12-22 2020-07-14 Micron Technology, Inc. Physical unclonable function using message authentication code
US10906506B2 (en) 2017-12-28 2021-02-02 Micron Technology, Inc. Security of user data stored in shared vehicles
CN108197504B (en) * 2017-12-28 2022-01-11 湖南国科微电子股份有限公司 Controllable data encryption and decryption system and method
US10924277B2 (en) * 2018-01-25 2021-02-16 Micron Technology, Inc. Certifying authenticity of stored code and code updates
US10306753B1 (en) 2018-02-22 2019-05-28 International Business Machines Corporation Enclosure-to-board interface with tamper-detect circuit(s)
US11122682B2 (en) 2018-04-04 2021-09-14 International Business Machines Corporation Tamper-respondent sensors with liquid crystal polymer layers
US10778661B2 (en) 2018-04-27 2020-09-15 Micron Technology, Inc. Secure distribution of secret key using a monotonic counter
KR102621645B1 (en) 2019-03-12 2024-01-05 삼성전자주식회사 Electronic device having secure integrated circuit
CN111775698B (en) * 2019-04-04 2021-11-16 北京新能源汽车股份有限公司 Vehicle mileage information processing method and device and automobile
CN110275845B (en) * 2019-06-29 2021-11-19 江苏芯盛智能科技有限公司 Memory control method and device and electronic equipment
CN113312307A (en) * 2021-06-25 2021-08-27 展讯通信(上海)有限公司 System on chip, data processing method thereof and central processing unit

Citations (7)

Publication number Priority date Publication date Assignee Title
US20030226018A1 (en) * 2002-05-31 2003-12-04 Broadcom Corporation Data transfer efficiency in a cryptography accelerator system
US20060090084A1 (en) * 2004-10-22 2006-04-27 Mark Buer Secure processing environment
US20070074046A1 (en) * 2005-09-23 2007-03-29 Czajkowski David R Secure microprocessor and method
US20080192928A1 (en) * 2000-01-06 2008-08-14 Super Talent Electronics, Inc. Portable Electronic Storage Devices with Hardware Security Based on Advanced Encryption Standard
US20100191959A1 (en) * 2005-09-23 2010-07-29 Space Micro Inc. Secure microprocessor and method
US20100254537A1 (en) * 2009-04-06 2010-10-07 Broadcom Corporation Scalable and Secure Key Management For Cryptographic Data Processing
US20110219150A1 (en) * 2010-03-05 2011-09-08 Gary Piccirillo Dma engine capable of concurrent data manipulation

Family Cites Families (23)

Publication number Priority date Publication date Assignee Title
JP2003198531A (en) * 2001-12-27 2003-07-11 Denso Corp Common key cipher communication method and device
DE60210416T2 (en) 2002-02-28 2006-09-07 Matsushita Electric Industrial Co., Ltd., Kadoma memory card
KR20050002103A (en) 2003-06-30 2005-01-07 (주)파인칩스 Portable storing apparatus having encryption processor
US8954751B2 (en) * 2004-10-08 2015-02-10 International Business Machines Corporation Secure memory control parameters in table look aside buffer data fields and support memory array
US7457985B2 (en) 2005-09-09 2008-11-25 International Business Machines Corporation Method to detect errors in computer systems by using state tracking
US20070061597A1 (en) 2005-09-14 2007-03-15 Micky Holtzman Secure yet flexible system architecture for secure devices with flash mass storage memory
US7835518B2 (en) 2006-04-03 2010-11-16 Sandisk Corporation System and method for write failure recovery
WO2008071222A1 (en) 2006-12-15 2008-06-19 Agere Systems Inc. Protecting a programmable memory against unauthorized modification
US8209550B2 (en) * 2007-04-20 2012-06-26 Telefonaktiebolaget Lm Ericsson (Publ) Method and apparatus for protecting SIMLock information in an electronic device
KR20090037712A (en) 2007-10-12 2009-04-16 삼성전자주식회사 Electronic device for security boot up and method for computation hash vale and boot-up operation thereof
KR20090095909A (en) 2008-03-06 2009-09-10 삼성전자주식회사 Data storage device and data management method thereof
KR100959275B1 (en) 2008-04-04 2010-05-26 주식회사 셀픽 Solid state disk with security function
JP2010009174A (en) 2008-06-25 2010-01-14 Panasonic Corp Nonvolatile storage medium control device, nonvolatile storage medium control method, and nonvolatile storage medium control program
CN101661546B (en) 2008-08-28 2012-12-19 深圳富泰宏精密工业有限公司 System and method for file encryption therein in hand-held mobile electronic device
US8781127B2 (en) * 2008-09-05 2014-07-15 Vixs Systems, Inc. Device with privileged memory and applications thereof
US8555015B2 (en) 2008-10-23 2013-10-08 Maxim Integrated Products, Inc. Multi-layer content protecting microcontroller
US8589700B2 (en) * 2009-03-04 2013-11-19 Apple Inc. Data whitening for writing and reading data to and from a non-volatile memory
US8526605B2 (en) 2009-10-09 2013-09-03 Seagate Technology Llc Data encryption to provide data security and memory cell bit wear leveling
US20110154061A1 (en) 2009-12-21 2011-06-23 Babu Chilukuri Data secure memory/storage control
CN101788958A (en) * 2010-02-04 2010-07-28 杭州晟元芯片技术有限公司 Method for protecting data of memorizer
JP5353828B2 (en) * 2010-06-14 2013-11-27 富士通セミコンダクター株式会社 Processor and processor system
KR101279213B1 (en) * 2010-07-21 2013-06-26 삼성에스디에스 주식회사 Device and method for providing soc-based anti-malware service, and interface method
KR101231637B1 (en) 2011-04-27 2013-02-08 대우조선해양 주식회사 Damper structure for enclosed derrick

Non-Patent Citations (1)

Title
Freescale, "DSP 56300 Family Manual", 2005, Freescale Semiconductor, pg. 1-512. *

Cited By (40)

Publication number Priority date Publication date Assignee Title
US20140244513A1 (en) * 2013-02-22 2014-08-28 Miguel Ballesteros Data protection in near field communications (nfc) transactions
US9864704B2 (en) * 2014-04-03 2018-01-09 SK Hynix Inc. Memory controller communicating with host, operating method thereof, and computing system including the same
US20150286581A1 (en) * 2014-04-03 2015-10-08 SK Hynix Inc. Memory controller communicating with host, operating method thereof, and computing system including the same
US10169618B2 (en) 2014-06-20 2019-01-01 Cypress Semiconductor Corporation Encryption method for execute-in-place memories
US10192062B2 (en) * 2014-06-20 2019-01-29 Cypress Semiconductor Corporation Encryption for XIP and MMIO external memories
US20180137294A1 (en) * 2014-06-20 2018-05-17 Cypress Semiconductor Corporation Encryption for xip and mmio external memories
US10691838B2 (en) 2014-06-20 2020-06-23 Cypress Semiconductor Corporation Encryption for XIP and MMIO external memories
US20160028725A1 (en) * 2014-07-25 2016-01-28 Qualcomm Incorporated Integrated circuit for determining whether data stored in external nonvolative memory is valid
US9621549B2 (en) * 2014-07-25 2017-04-11 Qualcomm Incorporated Integrated circuit for determining whether data stored in external nonvolative memory is valid
US11416417B2 (en) 2014-08-25 2022-08-16 Western Digital Technologies, Inc. Method and apparatus to generate zero content over garbage data when encryption parameters are changed
US20180011892A1 (en) * 2015-01-29 2018-01-11 Hewlett Packard Enterprise Development Lp Foster twin data structure
US20180011893A1 (en) * 2015-01-29 2018-01-11 Hewlett-Packard Enterprise Development LP Hash index
US11023453B2 (en) * 2015-01-29 2021-06-01 Hewlett Packard Enterprise Development Lp Hash index
US10187359B2 (en) * 2015-02-12 2019-01-22 Samsung Electronics Co., Ltd. Secure message transmission apparatus and processing method thereof
US20160241523A1 (en) * 2015-02-12 2016-08-18 Samsung Electronics Co., Ltd. Secure message transmission apparatus and processing method thereof
EP3267304A4 (en) * 2015-04-03 2018-04-04 Huawei Technologies Co. Ltd. Storage partition method and terminal
US11138346B2 (en) 2015-09-29 2021-10-05 Apple Inc. Unified addressable memory
US11714924B2 (en) 2015-09-29 2023-08-01 Apple Inc. Unified addressable memory
WO2017058414A1 (en) * 2015-09-29 2017-04-06 Apple Inc. Unified addressable memory
US10671762B2 (en) 2015-09-29 2020-06-02 Apple Inc. Unified addressable memory
WO2017105704A1 (en) * 2015-12-14 2017-06-22 Intel Corporation Bidirectional cryptographic io for data streams
US10225247B2 (en) 2015-12-14 2019-03-05 Intel Corporation Bidirectional cryptographic IO for data streams
EP3403185B1 (en) * 2016-01-12 2022-01-26 Advanced Micro Devices, Inc. Memory operation encryption
WO2017127084A1 (en) 2016-01-21 2017-07-27 Hewlett-Packard Development Company, L.P. Data cryptography engine
EP3345094A4 (en) * 2016-01-21 2019-04-17 Hewlett-Packard Development Company, L.P. Data cryptography engine
CN108496159A (en) * 2016-01-21 2018-09-04 惠普发展公司,有限责任合伙企业 Data cryptogram engine
US20170317982A1 (en) * 2016-04-30 2017-11-02 Krohne Messtechnik Gmbh Electronic device with an operational unit
US20230122094A1 (en) * 2016-05-25 2023-04-20 Samsung Electronics Co., Ltd. Storage system, method, and apparatus for fast io on pcie devices
US10261919B2 (en) * 2016-07-08 2019-04-16 Hewlett Packard Enterprise Development Lp Selective memory encryption
US10896267B2 (en) * 2017-01-31 2021-01-19 Hewlett Packard Enterprise Development Lp Input/output data encryption
EP3809271A4 (en) * 2018-08-15 2021-07-07 Huawei Technologies Co., Ltd. Secure data transfer apparatus, system and method
US11888827B2 (en) 2018-08-15 2024-01-30 Huawei Technologies Co., Ltd. Secure data transfer apparatus, system, and method
US20200183804A1 (en) * 2018-12-07 2020-06-11 Microsoft Technology Licensing, Llc Flexible microcontroller support for device testing and manufacturing
US10936459B2 (en) * 2018-12-07 2021-03-02 Microsoft Technology Licensing, Llc Flexible microcontroller support for device testing and manufacturing
US11552801B2 (en) 2019-05-10 2023-01-10 Samsung Electronics Co., Ltd. Method of operating memory system with replay attack countermeasure and memory system performing the same
CN110443078A (en) * 2019-07-19 2019-11-12 南京芯驰半导体科技有限公司 A kind of safe storage system based on privilege classification
US11244066B2 (en) * 2019-08-05 2022-02-08 Samsung Electronics Co., Ltd. System on chip
US20220237329A1 (en) * 2021-01-22 2022-07-28 Nxp Usa, Inc. System and method for validating trust provisioning operation on system-on-chip
US11768963B2 (en) * 2021-01-22 2023-09-26 Nxp Usa, Inc. System and method for validating trust provisioning operation on system-on-chip
CN113312000A (en) * 2021-06-04 2021-08-27 河北光兴半导体技术有限公司 Hard disk and storage system

Also Published As

Publication number Publication date
CN103383668B (en) 2018-03-20
JP6239259B2 (en) 2017-11-29
KR101975027B1 (en) 2019-05-03
CN103383668A (en) 2013-11-06
DE102013104167A1 (en) 2013-11-07
KR20130126843A (en) 2013-11-21
JP2013236376A (en) 2013-11-21
US9489540B2 (en) 2016-11-08
US20150235053A1 (en) 2015-08-20

Similar Documents

Publication Publication Date Title
US9489540B2 (en) Memory controller with encryption and decryption engine
US9094190B2 (en) Method of managing key for secure storage of data and apparatus therefor
US9100187B2 (en) Authenticator
US10204240B2 (en) Encrypting portable media system and method of operation thereof
US9160531B2 (en) Host device, semiconductor memory device, and authentication method
US10997297B1 (en) Validating firmware for data storage devices
US20130156195A1 (en) Method of obtaining a main key from a memory device, method of generating authentication information for a memory device, an external device and system icluding the external device
CN105122203A (en) Storage device assisted inline encryption and decryption
US10809925B2 (en) Configurable security memory region
CN111131130B (en) Key management method and system
US20160062921A1 (en) Application processor and data processing system including the same
US20210073145A1 (en) Securing data direct i/o for a secure accelerator interface
US11829483B2 (en) Platform security mechanism
CN110008148B (en) Memory controller and method for access control of memory module
US11050569B2 (en) Security memory scheme
CN111914309A (en) Password-protected data storage device and non-volatile memory control method
KR102218715B1 (en) Semiconductor device for protecting data per channel
TWI821052B (en) Electronic device and method for performing permission management of storage device
TW202403773A (en) Semiconductor device, and system and method for managing secure operations in the same
CN116720227A (en) Data encryption and decryption system and data encryption and decryption method for memory
US20160202314A1 (en) Test circuit and method of semiconductor device

Legal Events

Date Code Title Description
AS Assignment

Owner name: SAMSUNG ELECTRONICS CO., LTD., KOREA, REPUBLIC OF

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:LEE, HEON SOO;CHOI, HONG-MOOK;PARK, SANG-HYUN;REEL/FRAME:029491/0721

Effective date: 20121212

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION