Patent Grant
7613928
The present invention relates generally to non-volatile memory devices and in particular the present invention relates to a security method for preventing accidental or unauthorized writes to a flash memory.
Memory devices are typically provided as internal storage areas in a computer. The term memory identifies data storage that comes in the form of integrated circuit chips. There are several different types of memory, including random access memory (RAM). RAM is typically used as main memory in a computer environment. Most RAM is volatile, which means that it requires a steady flow of electricity to maintain its contents. As soon as the power is turned off, whatever data was in RAM is lost.
Computers can also contain a small amount of read-only memory (ROM) that holds instructions for starting up the computer. This type of memory retains stored data when the power is turned off and is generally referred to as non-volatile memory. An EEPROM (electrically erasable programmable read-only memory) is a special type of non-volatile ROM that can be erased by exposing it to an electrical charge. Like other types of ROM, EEPROM is traditionally not as fast as RAM. EEPROM comprise a large number of memory cells having electrically isolated gates (floating gates). Data is stored in the memory cells in the form of charge on the floating gates. Charge is transported to or removed from the floating gates by programming and erase operations, respectively.
Yet another type of non-volatile memory is a flash memory. A flash memory is a type of EEPROM that can be erased and reprogrammed in blocks instead of one byte at a time. Many modern computers have their basic I/O system (BIOS) stored on flash memory chips. A BIOS is a program that is used by a processor for starting the computer system when the power is turned on or reset (power-up). Upon power-up, instructions contained in the BIOS are transferred to a processor, thereby giving the processor the instructions it needs to properly start up and operate the system. The BIOS also manages the data flow between the computer's operating system and the hardware of the computer system. Storing a BIOS in a flash memory is desirable because it allows the BIOS to be easily updated as needed. However, since write operations to a flash memory chip are easy to accomplish, the potential for accidental or unauthorized writes is increased. Therefore, an effective way to secure a flash memory array from accidental or unauthorized writes is needed.
For the reasons stated above, and for other reasons stated below which will become apparent to those skilled in the art upon reading and understanding the present specification, there is a need in the art for a flash memory that has the ability to secure the memory array from accidental or unauthorized writes.
The above-mentioned problems with memory devices and other problems are addressed by the present invention and will be understood by reading and studying the following specification.
In one embodiment, the present invention provides a flash memory device that has a memory array and a check register to store an access code. The check register only allows write operations to the memory array in response to the access code.
In another embodiment, a flash memory system comprises a flash memory array having a BIOS program and a check register. The BIOS program contains a program to generate a random access code when executed by a processor. The check register stores the random access code and enables write operations to the flash memory array based upon an externally provided access code.
In another embodiment, a flash memory system comprises a processor to process data, a memory array that stores a BIOS program to instruct the processor to generate an access code and a check register to store the access code generated by the processor. The check register enables write operations to the memory array in response to writes of the access code.
In another embodiment, a flash memory system comprises a processor to process data, a memory array that stores a BIOS program, control circuitry to control write operations to the memory array in response to a write enable signal, and a check register to store an access code generated by the processor. The BIOS program contains a program to instruct the processor to generate the access code at power up. The check register toggles the write enable signal between an active LOW and an inactive HIGH in response to writes of the access code.
In another embodiment, a flash memory system comprises a memory array having a BIOS program, a processor to execute the BIOS program, control circuitry to control write operations to the memory array in response to a write enable signal and a check register to store a random access code generated by the BIOS program. The check register gates the write enable signal to the control circuitry in response to the random access code.
In another embodiment, a flash memory system comprises a memory array having a BIOS program stored therein, control circuitry to control write operations to the memory array, a processor to execute the BIOS program and a program logic device to store a random access code generated by the processor from instructions contained in the BIOS program. The program logic device gates a write enable signal to the control circuitry in response to the random access code.
In another embodiment, a processor system comprises a non-volatile memory device, a code register coupled to the non-volatile memory device and a processor coupled to provide a request code to the code register. The code register controls a write enable signal of the non-volatile memory device.
A method of operating a flash memory comprises generating a random access code at power up, writing the access code to a check register, and toggling write enable signals in response to writes of the access code to the check register.
Another method of operating a flash memory system comprises powering up a flash memory, executing a BIOS program, generating a random access code in response to the executed BIOS program, storing the random access code in a check register, and toggling write enable signals of the flash memory in response to writes of the random access code to the check register.
Another method of operating a flash memory system comprises generating a random access code at power up, storing the random access code in a check register that controls a write enable signal to a flash memory, executing a utility program containing instructions to write to the flash memory, verifying the authenticity of the utility program, toggling the check register to assert the write enable signal, writing to the flash memory array, and toggling the check register to disable the write enable signal.
Another method of operating a flash memory system comprises executing a utility program containing instructions to write to a flash memory array, verifying the authenticity of the utility program with a BIOS program, asserting a write enable signal if the utility program is authenticated, and writing to the flash memory array.
Another method of operating a memory system comprises generating an enable code, issuing a write request from a processor wherein the write request comprises a request code, comparing the request code to the enable code, and providing a write enable signal to a memory device in response to the comparison.
In the following detailed description of the present embodiments, reference is made to the accompanying drawings that form a part hereof, and in which is shown by way of illustration specific embodiments in which the inventions may be practiced. These embodiments are described in sufficient detail to enable those skilled in the art to practice the invention, and it is to be understood that other embodiments may be utilized and that logical, mechanical and electrical changes may be made without departing from the spirit and scope of the present invention. The following detailed description is, therefore, not to be taken in a limiting sense, and the scope of the present invention is defined only by the claims.
A basic flash memory system is illustrated in
Typically, in the prior art, a flash utility program 26 controls writes to the flash memory 10 as illustrated in
The present invention secures write operations to the flash memory array 22 by gating the write enable signals. The BIOS in the present invention, directs a processor to generate a random access code, or enable code, on power-up that is specific to each boot cycle. That is, the random access code generated during the booting of a computer system, is maintained until the power is removed from the system or the system is reset. Thereafter, a different random code is generated the next time the system is booted. The booting of a computer system is the process by which the computer system is placed into an operational state after power-up. In the present invention, a write operation to the flash memory array is denied unless a request code is provided that matches the access code generated during the then current boot cycle. This design prevents accidental or unauthorized writes.
One embodiment of the present invention is illustrated in
In one embodiment, the BIOS 38 program also maintains the access code. BIOS 38 and check register 32 use the access code to gate the write enable signals to the memory control circuitry 28 during write operations. When a user executes a program containing an instruction to write to the flash memory array 36, the write operation will be denied by the BIOS 38 unless the program has an authorization code that is recognized by the BIOS 38. However, if the program has the authorization code, the BIOS 38 sends the access code to the check register 32 toggling the write enable signal to an active LOW. The program can then perform a write operation to the flash memory array 36. Once the program has completed the write operation, the BIOS 38 once again sends the access code to the check register 32 thereby toggling the write enable signal to an inactive HIGH. The authorization code in the program recognized by the BIOS 38 can be made more secure by changing the authorization code with each reflashing of the BIOS 38.
Although, the access code does not have to be generated at each power-up, there are certain advantages of doing so, especially in a computer environment. During the booting of a computer, optional third party software programs can be executed that the BIOS 38 has no control over. For example, one of the first things to occur after the initial boot-up of a personal computer is that a video BIOS program on a video card may be executed. During execution of the video BIOS program, the BIOS program 38 of the system transfers control over to the video BIOS program. During this time an unintentional or unauthorized write could be made to the flash memory array. This situation provides a weak point in security of the computer. These security risks can be avoided by setting the access code before the optional third party software programs are executed. In addition, having a dynamic random access code that is generated at each power-up makes it extremely difficult for someone to discover the access code.
One embodiment of check register 32 is illustrated in
The size of the access code size could be 8, 16, 32 or 64 bits. The larger the number of bits the more difficult the access code will be to discover. However, it will be appreciate by those skilled in the art that the bit length of the access code can very with the size of the registers used and that the present invention is not limited to 8, 16, 32 or 64 bits. In addition, the storage devices in the check register 32 are designed so that the random access code generated at power up is erased when the power is removed. This ensures the check register is ready to accept a new access code at the next power up. This can be accomplished by using storage devices in the check register 32 that are volatile.
A flow chart illustrating a method 50 of gating write enable signals according to one embodiment of the present invention is illustrated in
In another embodiment, a logic circuit 66 automatically toggles the write enable signal to an inactive HIGH after the completion of a write operation. This embodiment is illustrated in
Although, an active LOW write enable signal is described as allowing write operations and an inactive HIGH write enable signal as denying write operations, it will be appreciated by those in the art that the flash memory 40 could be designed so that an active HIGH signal allows write operations and an inactive LOW signal denies write operations. Therefore, the present invention is not limited to an active LOW signal and an inactive HIGH signal.
Moreover, even though the check register 32 is illustrated in
In another embodiment, the check register 32 and logic circuit 66 are placed outside the flash chip 38 in a programmed logic device 70. This embodiment is illustrated in
In another embodiment of the present invention, reflashing the BIOS 38 requires that the replacement BIOS program contains the access code generating program. This is required since the original BIOS 38 that contained the access code generating program will have been erased. An alternative embodiment, stores the access code generating program in a portion of the flash memory that is protected from being written over. In this embodiment the updated BIOS 38 does not need to contain the program to generate the random access code at boot up, since that part of the program was not erased during the reflashing.
A security method for preventing accidental or unauthorized writes to a flash memory has been described. According to one embodiment of the present invention, a BIOS program stored in a flash memory array generates a random access code when executed by a processor. A check register stores the random access code and enables write operations to the flash memory array based upon an externally provided access code. In another embodiment, the BIOS program directs the processor to write the random access code to the check register to enable write operations in response to an external write request.
Although specific embodiments have been illustrated and described herein, it will be appreciated by those of ordinary skill in the art that any arrangement, which is calculated to achieve the same purpose, may be substituted for the specific embodiment shown. This application is intended to cover any adaptations or variations of the present invention. Therefore, it is manifestly intended that this invention be limited only by the claims and the equivalents thereof.
This application is a continuation of U.S. patent application Ser. No. 09/818,425, filed Mar. 27, 2001 and titled, FLASH DEVICE SECURITY METHOD UTILIZING A CHECK REGISTER, now U.S. Pat. No. 6,996,721, which is commonly assigned and incorporated by reference herein in its entirety.
| Number | Name | Date | Kind |
|---|---|---|---|
| 4757533 | Allen et al. | Jul 1988 | A |
| 4796235 | Sparks et al. | Jan 1989 | A |
| 4819204 | Schrenk | Apr 1989 | A |
| 4975878 | Boddu et al. | Dec 1990 | A |
| 5012514 | Renton | Apr 1991 | A |
| 5327564 | Little | Jul 1994 | A |
| 5442704 | Holtey | Aug 1995 | A |
| 5469564 | Junya | Nov 1995 | A |
| 5666516 | Combs | Sep 1997 | A |
| 5774545 | Raghavachari | Jun 1998 | A |
| 5778070 | Mattison | Jul 1998 | A |
| 5844986 | Davis | Dec 1998 | A |
| 6018800 | Ruckdashel | Jan 2000 | A |
| 6032237 | Inoue et al. | Feb 2000 | A |
| 6311273 | Helbig, Sr. et al. | Oct 2001 | B1 |
| 6480097 | Zinsky et al. | Nov 2002 | B1 |
| 6633981 | Davis | Oct 2003 | B1 |
| 6715049 | Hayakashi | Mar 2004 | B1 |
| Number | Date | Country | |
|---|---|---|---|
| 20060069924 A1 | Mar 2006 | US |
| Number | Date | Country | |
|---|---|---|---|
| Parent | 09818425 | Mar 2001 | US |
| Child | 11280469 | US |
