Critical security parameter generation and exchange system and method for smart-card memory modules

摘要

A storage device contains a smart-card device and a memory device, which is connected to a controller. The storage device may be used in the same manner as a conventional smart-card device, or it may be used to store a relatively large amount of data. The memory device may also be used to store data or instructions for use by the smart-card device. The controller includes a security engine that uses critical security parameters stored in, and received from, the smart-card device. The critical security parameters may be sent to the controller in a manner that protects them from being discovered. The critical security parameters may be encryption and/or decryption keys that may encrypt data written to the memory device and/or decrypt data read from the memory device, respectively. Data and instructions used by the smart-card device may therefore stored in the memory device in encrypted form.

主权项

1. An apparatus, comprising:
a controller configured to receive an identifier from a host in communication with the controller, the controller including a security engine configured to receive a critical security parameter and perform encryption and decryption of data based, at least in part, on the critical security parameter; a smart-card device packaged with and coupled to the controller, the smart-card device including:
a processor including a cryptography engine, the cryptography engine configured to authenticate a user based, at least in part, on the identifier, the processor configured to provide the critical security parameter to the security engine, responsive to the cryptography engine authenticating the user; anda memory configured to store the critical security parameter; and a memory device packaged with and coupled to the controller, wherein the memory device is configured to store and transmit data with the controller.