Semiconductor memory system and operating method thereof

What is claimed is: 1 . An operating method of a semiconductor memory system comprising: storing at least a customer identification (ID) identifying a customer in a one-time-programmable memory device; providing a memory device; coupling the memory device to a memory controller including a processor, the memory controller contains instructions executed by the processor; authenticating whether a program is authorized by a controller provider for the customer in a first-level signature authentication, in accordance with a customer image format; authenticating whether the program is authorized by the customer in a second-level signature authentication, in accordance with a program image format, after the first-level signature authentication is passed, when the customer image indicates the second-level signature authentication, wherein the program image format is different than the customer image format; storing the program into the memory device after the first-level signature authentication and second-level signature authentication are passed; and executing the program after the program is authenticated. 2 . The method of claim 1 wherein the authenticating the program is authorized by the controller comprises signing the program with a controller private key for generating a controller signature by a controller signing server, authenticating the controller signature with a controller public key, and matching the customer ID with a program customer ID defined in the program. 3 . The method of claim 2 wherein the signing the program comprises encrypting the controller private key into the controller signature, and authenticating the controller signature comprises decrypting the controller signature with the controller public key. 4 . The method of claim 1 wherein the authenticating the program is authorized by the customer comprises signing the program with a customer private key for generating a customer signature by a customer signing server or a controller signing server, and authenticating the customer signature with a customer public key. 5 . The method of claim 4 wherein the signing the program comprises encrypting the customer private key into the customer signature, and authenticating the customer signature comprises decrypting the customer signature with the customer public key. 6 . The method of claim 4 wherein the authenticating the customer signature comprises authenticating the customer signature with a new customer public key defined in the program, decrypting the customer signature with the new customer public key. 7 . The method of claim 6 further comprising: embedding the controller public key into the memory device after the first-level signature authentication is passed; and authenticating the program is authorized by the controller for the customer identified by the customer ID in a repeated first-level signature authentication after the second-level signature authentication is passed. 8 . The method of claim 7 wherein the authenticating the program is authorized by the controller in the repeated first-level signature authentication comprises authenticating the controller signature with the embedded controller public key, decrypting the controller signature with the embedded first public key, and matching the customer ID with the program customer ID defined in the program. 9 . The method of claim 8 further comprising: saving the program into the memory device, after the first-level signature authentication, the second-level signature authentication, the repeated first-level signature authentication, or the combination thereof, is passed; and executing the program for a secure booting. 10 . The method of claim 1 further comprising: embedding a controller public key into the memory device after the first-level signature authentication is passed; saving the program into the memory device, after the first-level signature authentication, the second-level signature authentication, or the combination thereof, is passed; and executing the program for a secure booting. 11 . The method of claim 1 further comprising: producing a controller key pair including a controller private key and a controller public key, and a customer key pair including a customer private key and a customer public key, by a key generation algorithm. 12 . The method of claim 1 wherein the authenticating at least the program comprises authenticating multiple programs authorized by the controller, and storing at least the customer ID comprises storing multiple customer IDs for multiple customers, one of the multiple customer IDs identifies one of the multiple customers exclusively. 13 . The method of claim 12 wherein the authenticating the multiple programs comprises one of the multiple programs is authenticated for one of the multiple customers exclusively. 14 . A semiconductor memory system comprising: a one-time-programmable memory device storing at least a customer identification (ID) identifying a customer; a memory device; and a memory controller including a processor, and coupled to the memory device, containing instructions executed by the processor, and suitable for authenticating whether a program is authorized by a controller provider for the customer in a first-level signature authentication, in accordance with a customer image format, authenticating whether the program is authorized by the customer in a second-level signature authentication, in accordance with a program image format, after the first-level signature authentication is passed, when the customer image indicates the second-level signature authentication, wherein the program image format is different than the customer image format, storing the program into the memory device after the first-level signature authentication and second-level signature authentication are passed, and executing the program after the program is authenticated. 15 . The system of claim 14 wherein the program is signed with a controller private key for generating a controller signature by a controller signing server, the controller signature is authenticated with a controller public key, and the customer ID is matched with a program customer ID defined in the program. 16 . The system of claim 15 wherein the the controller private key is encrypted into the controller signature, and the controller signature is decrypted with the controller public key. 17 . The system of claim 14 wherein the program is signed with a customer private key for generating a customer signature by a customer signing server or a controller signing server, and the customer signature is authenticated with a customer public key. 18 . The system of claim 17 wherein the the customer private key is encrypted into the customer signature, and the customer signature is decrypted with the customer public key. 19 . The system of claim 17 wherein the customer signature includes a new customer signature, wherein the new customer signature is decrypted and authenticated with a new customer public key provided in the program. 20 . The system of claim 14 further comprising: one of multiple customers identified by one of multiple customer IDs exclusively, and one of multiple programs is authenticated by the controller provider for one of the multiple customers exclusively; an embedded controller public key is embedded into the memory device after the first-level signature authentication is passed; and a re