Patent Grant
8607061
The present invention relates generally to non-volatile memory devices and in particular the present invention relates to a security method for preventing accidental or unauthorized writes to a flash memory.
Memory devices are typically provided as internal storage areas in a computer. The term memory identifies data storage that comes in the form of integrated circuit chips. There are several different types of memory, including random access memory (RAM). RAM is typically used as main memory in a computer environment. Most RAM is volatile, which means that it requires a steady flow of electricity to maintain its contents. As soon as the power is turned off, whatever data was in RAM is lost.
Computers can also contain a small amount of read-only memory (ROM) that holds instructions for starting up the computer. This type of memory retains stored data when the power is turned off and is generally referred to as non-volatile memory. An EEPROM (electrically erasable programmable read-only memory) is a special type of non-volatile ROM that can be erased by exposing it to an electrical charge. Like other types of ROM, EEPROM is traditionally not as fast as RAM. EEPROM comprise a large number of memory cells having electrically isolated gates (floating gates). Data is stored in the memory cells in the form of charge on the floating gates. Charge is transported to or removed from the floating gates by programming and erase operations, respectively.
Yet another type of non-volatile memory is a flash memory. A flash memory is a type of EEPROM that can be erased and reprogrammed in blocks instead of one byte at a time. Many modem computers have their basic I/O system (BIOS) stored on flash memory chips. A BIOS is a program that is used by a processor for starting the computer system when the power is turned on or reset (power-up). Upon power-up, instructions contained in the BIOS are transferred to a processor, thereby giving the processor the instructions it needs to properly start up and operate the system. The BIOS also manages the data flow between the computer's operating system and the hardware of the computer system. Storing a BIOS in a flash memory is desirable because it allows the BIOS to be easily updated as needed. However, since write operations to a flash memory chip are easy to accomplish, the potential for accidental or unauthorized writes is increased. Therefore, an effective way to secure a flash memory array from accidental or unauthorized writes is needed.
For the reasons stated above, and for other reasons stated below which will become apparent to those skilled in the art upon reading and understanding the present specification, there is a need in the art for a flash memory that has the ability to secure the memory array from accidental or unauthorized writes.
In the following detailed description of the present embodiments, reference is made to the accompanying drawings that form a part hereof, and in which is shown by way of illustration specific embodiments in which the inventions may be practiced. These embodiments are described in sufficient detail to enable those skilled in the art to practice the invention, and it is to be understood that other embodiments may be utilized and that logical, mechanical and electrical changes may be made without departing from the spirit and scope of the present invention. The following detailed description is, therefore, not to be taken in a limiting sense, and the scope of the present invention is defined only by the claims.
A basic flash memory system is illustrated in
Typically, in the prior art, a flash utility program 26 controls writes to the flash memory 10 as illustrated in
The present invention secures write operations to the flash memory array 22 by gating the write enable signals. The BIOS in the present invention, directs a processor to generate a random access code, or enable code, on power-up that is specific to each boot cycle. That is, the random access code generated during the booting of a computer system, is maintained until the power is removed from the system or the system is reset. Thereafter, a different random code is generated the next time the system is booted. The booting of a computer system is the process by which the computer system is placed into an operational state after power-up. In the present invention, a write operation to the flash memory array is denied unless a request code is provided that matches the access code generated during the then current boot cycle. This design prevents accidental or unauthorized writes.
One embodiment of the present invention is illustrated in
In one embodiment, the BIOS 38 program also maintains the access code. BIOS 38 and check register 32 use the access code to gate the write enable signals to the memory control circuitry 28 during write operations. When a user executes a program containing an instruction to write to the flash memory array 36, the write operation will be denied by the BIOS 38 unless the program has an authorization code that is recognized by the BIOS 38. However, if the program has the authorization code, the BIOS 38 sends the access code to the check register 32 toggling the write enable signal to an active LOW. The program can then perform a write operation to the flash memory array 36. Once the program has completed the write operation, the BIOS 38 once again sends the access code to the check register 32 thereby toggling the write enable signal to an inactive HIGH. The authorization code in the program recognized by the BIOS 38 can be made more secure by changing the authorization code with each reflashing of the BIOS 38.
Although, the access code does not have to be generated at each power-up, there are certain advantages of doing so, especially in a computer environment. During the booting of a computer, optional third party software programs can be executed that the BIOS 38 has no control over. For example, one of the first things to occur after the initial boot-up of a personal computer is that a video BIOS program on a video card may be executed. During execution of the video BIOS program, the BIOS program 38 of the system transfers control over to the video BIOS program. During this time an unintentional or unauthorized write could be made to the flash memory array. This situation provides a weak point in security of the computer. These security risks can be avoided by setting the access code before the optional third party software programs are executed. In addition, having a dynamic random access code that is generated at each power-up makes it extremely difficult for someone to discover the access code.
One embodiment of check register 32 is illustrated in
The size of the access code size could be 8, 16, 32 or 64 bits. The larger the number of bits the more difficult the access code will be to discover. However, it will be appreciate by those skilled in the art that the bit length of the access code can very with the size of the registers used and that the present invention is not limited to 8, 16, 32 or 64 bits. In addition, the storage devices in the check register 32 are designed so that the random access code generated at power up is erased when the power is removed. This ensures the check register is ready to accept a new access code at the next power up. This can be accomplished by using storage devices in the check register 32 that are volatile.
A flow chart illustrating a method 50 of gating write enable signals according to one embodiment of the present invention is illustrated in
In another embodiment, a logic circuit 66 automatically toggles the write enable signal to an inactive HIGH after the completion of a write operation. This embodiment is illustrated in
Although, an active LOW write enable signal is described as allowing write operations and an inactive HIGH write enable signal as denying write operations, it will be appreciated by those in the art that the flash memory 40 could be designed so that an active HIGH signal allows write operations and an inactive LOW signal denies write operations. Therefore, the present invention is not limited to an active LOW signal and an inactive HIGH signal.
Moreover, even though the check register 32 is illustrated in
In another embodiment, the check register 32 and logic circuit 66 are placed outside the flash chip 40 in a programmed logic device 70. This embodiment is illustrated in
In another embodiment of the present invention, reflashing the BIOS 38 requires that the replacement BIOS program contains the access code generating program. This is required since the original BIOS 38 that contained the access code generating program will have been erased. An alternative embodiment, stores the access code generating program in a portion of the flash memory that is protected from being written over. In this embodiment the updated BIOS 38 does not need to contain the program to generate the random access code at boot up, since that part of the program was not erased during the reflashing.
A security method for preventing accidental or unauthorized writes to a flash memory has been described. According to one embodiment of the present invention, a BIOS program stored in a flash memory array generates a random access code when executed by a processor. A check register stores the random access code and enables write operations to the flash memory array based upon an externally provided access code. In another embodiment, the BIOS program directs the processor to write the random access code to the check register to enable write operations in response to an external write request.
Although specific embodiments have been illustrated and described herein, it will be appreciated by those of ordinary skill in the art that any arrangement, which is calculated to achieve the same purpose, may be substituted for the specific embodiment shown. This application is intended to cover any adaptations or variations of the present invention. Therefore, it is manifestly intended that this invention be limited only by the claims and the equivalents thereof.
This application is a continuation of U.S. patent application Ser. No. 11/280,469, filed Nov. 16, 2005, titled “FLASH DEVICE SECURITY METHOD UTILIZING A CHECK REGISTER,” issued as U.S. Pat. No. 7,613,928 on Nov. 3, 2009, which application is a continuation of U.S. patent application Ser. No. 09/818,425, filed Mar. 27, 2001, issued as U.S. Pat. No. 6,996,721 on Feb. 7, 2006, and having the same title, both applications commonly assigned and incorporated by reference herein in their entirety.
| Number | Name | Date | Kind |
|---|---|---|---|
| 4757533 | Allen et al. | Jul 1988 | A |
| 4796235 | Sparks et al. | Jan 1989 | A |
| 4819204 | Schrenk | Apr 1989 | A |
| 4839628 | Davis et al. | Jun 1989 | A |
| 4975878 | Boddu et al. | Dec 1990 | A |
| 5012514 | Renton | Apr 1991 | A |
| 5327564 | Little | Jul 1994 | A |
| 5442704 | Holtey | Aug 1995 | A |
| 5469564 | Junya | Nov 1995 | A |
| 5560000 | Vogley | Sep 1996 | A |
| 5606615 | Lapointe et al. | Feb 1997 | A |
| 5666516 | Combs | Sep 1997 | A |
| 5774545 | Raghavachari | Jun 1998 | A |
| 5778070 | Mattison | Jul 1998 | A |
| 5818771 | Yasu et al. | Oct 1998 | A |
| 5844986 | Davis | Dec 1998 | A |
| 6018800 | Ruckdashel | Jan 2000 | A |
| 6032237 | Inoue et al. | Feb 2000 | A |
| 6480097 | Zinsky et al. | Nov 2002 | B1 |
| 6633981 | Davis | Oct 2003 | B1 |
| 6715049 | Hayakashi | Mar 2004 | B1 |
| 7613928 | Gentile | Nov 2009 | B2 |
| Number | Date | Country | |
|---|---|---|---|
| 20100023780 A1 | Jan 2010 | US |
| Number | Date | Country | |
|---|---|---|---|
| Parent | 11280469 | Nov 2005 | US |
| Child | 12572428 | US | |
| Parent | 09818425 | Mar 2001 | US |
| Child | 11280469 | US |
