TWI767064B - Image transmitting device, a method of operating an image transmitting device and a system on chip - Google Patents

Image transmitting device, a method of operating an image transmitting device and a system on chip Download PDF

Info

Publication number
TWI767064B
TWI767064B TW107134149A TW107134149A TWI767064B TW I767064 B TWI767064 B TW I767064B TW 107134149 A TW107134149 A TW 107134149A TW 107134149 A TW107134149 A TW 107134149A TW I767064 B TWI767064 B TW I767064B
Authority
TW
Taiwan
Prior art keywords
image
transmission device
image transmission
authentication
area
Prior art date
Application number
TW107134149A
Other languages
Chinese (zh)
Other versions
TW201916630A (en
Inventor
申鍾勳
裵基晳
崔弘默
姜智守
金栽赫
李惠秀
黃孝善
Original Assignee
南韓商三星電子股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 南韓商三星電子股份有限公司 filed Critical 南韓商三星電子股份有限公司
Publication of TW201916630A publication Critical patent/TW201916630A/en
Application granted granted Critical
Publication of TWI767064B publication Critical patent/TWI767064B/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/43Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
    • H04N21/434Disassembling of a multiplex stream, e.g. demultiplexing audio and video streams, extraction of additional data from a video stream; Remultiplexing of multiplex streams; Extraction or processing of SI; Disassembling of packetised elementary stream
    • H04N21/4343Extraction or processing of packetized elementary streams [PES]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N25/00Circuitry of solid-state image sensors [SSIS]; Control thereof

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Multimedia (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Studio Devices (AREA)
  • Photoreceptors In Electrophotography (AREA)

Abstract

An image transmitting device, a method of operating an image transmitting device, and a system on chip receiving an image from an image transmitting device are provided. A security device providing a security function for an image, a camera device including the same, and a system on chip for controlling the camera device are provided. An image transmitting device may include an image processor configured to process an image to be transmitted to an external device, and a security circuit including a key shared with the external device. The security circuit may be configured to generate a tag used for image authentication by using data of a partial region of the image and the key based on region information for selecting the partial region of the image. The image transmitting device may be configured to transmit the tag, generated to correspond to the image, to the external device with data of the image. By the image transmitting device of the invention, vulnerability can be prevented or reduced in the security of an image processing system due to the forged or falsified image.

Description

圖像傳輸裝置、操作圖像傳輸裝置的方法以及片上系統Image transmission device, method of operating image transmission device, and system on chip

本發明是有關於一種安全裝置,且特別是有關於一種提供圖像的安全功能的安全裝置、包含安全裝置的攝像頭裝置和用於控制攝像頭裝置的片上系統。The present invention relates to a security device, and more particularly, to a security device providing a security function of an image, a camera device including the security device, and a system-on-chip for controlling the camera device.

當前,包含攝像頭感測器的汽車攝像頭裝置中未恰當地提供安全功能。在類似領域中,常見監控攝像頭配備有安全措施,以對圖像進行加密並將加密的圖像傳輸到伺服器。然而,現有安全方法並不適合與即時傳輸的圖像一起使用,如在汽車攝像頭裝置的情況下。Currently, safety features are not properly provided in automotive camera devices that include camera sensors. In a similar field, common surveillance cameras are equipped with security measures to encrypt the image and transmit the encrypted image to a server. However, existing security methods are not suitable for use with images that are transmitted instantaneously, as in the case of car camera installations.

最近,相對於深度學習,自動駕駛已獲得廣泛地關注。對應技術的目的為分析從攝像頭感測器所傳輸的圖像、識別狀態和控制駕駛。然而,在從非法或未經授權的攝像頭感測器傳輸偽造或篡改的圖像時,汽車的保障和安全可能難以達標且甚至可能導致嚴重的汽車事故。Recently, autonomous driving has gained a lot of attention relative to deep learning. The purpose of the corresponding technology is to analyze the image transmitted from the camera sensor, to recognize the state, and to control the driving. However, when fake or tampered images are transmitted from illegal or unauthorized camera sensors, vehicle security and safety can be difficult to achieve and can even lead to serious car accidents.

一個或多個實例實施例提供一種通過認證合法攝像頭感測器和通過防止偽造或篡改圖像來提供安全功能的安全裝置、包含所述安全裝置的攝像頭裝置和用於控制攝像頭裝置的片上系統(system on chip;SOC)。One or more example embodiments provide a security device that provides a security function by authenticating a legitimate camera sensor and by preventing forgery or tampering of images, a camera device including the security device, and a system-on-a-chip for controlling the camera device ( system on chip; SOC).

根據實例實施例的方面,提供一種圖像傳輸裝置,所述圖像傳輸裝置包含:圖像處理器,被配置成處理待傳輸到外部裝置的圖像;以及安全電路,包含與外部裝置共用的金鑰,所述安全電路被配置成通過使用圖像的部分區域的資料和基於選擇圖像的部分區域的區域資訊的金鑰產生用於圖像認證的標記。圖像傳輸裝置可被配置成將對應於圖像所產生的標記與圖像的資料一起傳輸到外部裝置。According to aspects of the example embodiments, there is provided an image transmission device including: an image processor configured to process images to be transmitted to an external device; and a security circuit including a common with the external device The security circuit is configured to generate a token for image authentication by using the data of the partial area of the image and the key based on the area information of the partial area of the selected image. The image transmission device may be configured to transmit the indicia generated corresponding to the image to the external device together with the material of the image.

根據實例實施例的方面,提供一種操作圖像傳輸裝置的方法。所述方法可包含:通過與外部裝置通信獲得待用於圖像認證的工作階段金鑰(session key);基於表示圖像內的部分區域的位置的區域資訊選擇待傳輸到外部裝置的圖像的部分區域;通過使用工作階段金鑰和圖像的部分區域的資料來產生對應於圖像的標記;以及將包含圖像和對應於圖像的標記的封包傳輸到外部裝置。According to aspects of the example embodiments, a method of operating an image transmission device is provided. The method may include: obtaining a session key to be used for image authentication by communicating with an external device; selecting an image to be transmitted to the external device based on region information representing the location of a partial region within the image generating a mark corresponding to the image by using the working session key and data of the partial area of the image; and transmitting the packet containing the image and the mark corresponding to the image to the external device.

根據實例實施例的方面,提供一種從圖像傳輸裝置接收圖像的片上系統(SOC)。SOC可包含:認證器,被配置成通過使用圖像傳輸裝置執行裝置認證過程來檢查圖像傳輸裝置是否是經過授權的裝置;以及圖像處理器,被配置成從圖像傳輸裝置接收圖像和對應於圖像的第一標記,通過使用圖像的部分區域的資料和基於選擇圖像的部分區域的區域資訊的工作階段金鑰來計算第二標記,以及通過將第一標記與第二標記進行比較來執行圖像認證。According to aspects of example embodiments, there is provided a system on a chip (SOC) that receives an image from an image transmission device. The SOC may include: an authenticator configured to check whether the image transmission device is an authorized device by performing a device authentication process using the image transmission device; and an image processor configured to receive the image from the image transmission device and the first label corresponding to the image, the second label is calculated by using the data of the partial area of the image and the work stage key based on the area information of the selected partial area of the image, and by comparing the first label with the second label tags are compared to perform image authentication.

在根據實例實施例的安全裝置、包含所述安全裝置的攝像頭裝置以及用於控制攝像頭裝置的SOC中,因為可通過認證提供圖像的攝像頭感測器來檢查合法攝像頭裝置,且檢查從攝像頭裝置所傳輸的圖像是否為偽造或者篡改,所以可改進使用攝像頭裝置的系統的安全功能。In the security device, the camera device including the security device, and the SOC for controlling the camera device according to example embodiments, since the legitimate camera device can be checked by authenticating the camera sensor that provides the image, and the slave camera device is checked Whether the transmitted image is forged or tampered with, the security function of the system using the camera device can be improved.

另外,在根據實例實施例的安全裝置、包含所述安全裝置的攝像頭裝置以及用於控制攝像頭裝置的SOC中,在將攝像頭裝置應用於自動系統時,因為可預防偽造或篡改的圖像被用於自動系統,所以可提供具有改進性能、能夠防止嚴重事故發生的自動系統。In addition, in the security device, the camera device including the security device, and the SOC for controlling the camera device according to example embodiments, when the camera device is applied to an automatic system, since a forged or tampered image can be prevented from being used For automatic systems, it is possible to provide automatic systems with improved performance that can prevent serious accidents.

最近,相對於深度學習,自動系統已獲得廣泛地關注。此技術允許分析從攝像頭感測器所傳輸的圖像、識別狀態和控制車輛駕駛。為此目的,有必要確定圖像是否從經過授權的攝像頭裝置傳輸且所傳輸的圖像是否為非偽造或篡改。在確定所傳輸的圖像為偽造或篡改時,攻擊者可從未經過認證的攝像頭裝置傳輸偽造或篡改的圖像,這可能導致可威脅駕駛員生命的嚴重事故。因此,在汽車產品中,有必要認證攝像頭裝置和認證由對應攝像頭所傳輸的圖像。Recently, autonomous systems have gained a lot of attention relative to deep learning. This technology allows to analyze the images transmitted from the camera sensors, identify the status and control the driving of the vehicle. For this purpose, it is necessary to determine whether the image is transmitted from an authorized camera device and whether the transmitted image is not forged or tampered with. When the transmitted image is determined to be forged or tampered with, an attacker could transmit the forged or tampered image from an unauthenticated camera device, which could result in a serious accident that could threaten the driver's life. Therefore, in automotive products, it is necessary to authenticate the camera device and to authenticate the images transmitted by the corresponding cameras.

圖1為繪示根據實例實施例可應用的圖像傳輸裝置100和包含所述圖像傳輸裝置100的圖像處理系統10的框圖。舉例來說,圖像處理系統10可包含圖像傳輸裝置100和圖像處理裝置200。圖像傳輸裝置100可為用於通過使用攝相機鏡頭執行照相操作的攝像頭裝置。在這種情況下,圖像處理系統10可對應於攝像頭系統。圖像處理系統10可應用於各種系統中的一種。舉例來說,圖像處理系統10可應用於自動系統(或自動模組)。FIG. 1 is a block diagram illustrating an image transmission device 100 applicable according to an example embodiment and an image processing system 10 including the image transmission device 100 . For example, the image processing system 10 may include the image transmission device 100 and the image processing device 200 . The image transmission device 100 may be a camera device for performing a photographing operation by using a camera lens. In this case, the image processing system 10 may correspond to a camera system. The image processing system 10 may be applied to one of various systems. For example, the image processing system 10 may be applied to an automated system (or automated module).

圖像處理裝置200可接收從圖像傳輸裝置100所傳輸的圖像(或圖像資料),且可對圖像(或圖像資料)執行處理操作。根據實施例,圖像處理裝置200可包含與圖像傳輸裝置100分別實施的半導體晶片。作為半導體晶片的實例,在圖1中,繪示片上系統(SOC),其中處理器和圖像處理模組集成在一個半導體晶片中。在將圖像處理系統10應用於自動系統時,圖像處理裝置200可被稱為高級駕駛員輔助系統(advanced driver-assistance system;ADAS)SOC。The image processing device 200 may receive the image (or image data) transmitted from the image transmission device 100, and may perform processing operations on the image (or image data). According to an embodiment, the image processing apparatus 200 may include a semiconductor wafer implemented separately from the image transmission apparatus 100 . As an example of a semiconductor wafer, in FIG. 1, a system-on-chip (SOC) is shown in which a processor and an image processing module are integrated in one semiconductor wafer. When the image processing system 10 is applied to an automatic system, the image processing apparatus 200 may be referred to as an advanced driver-assistance system (ADAS) SOC.

根據實施例,圖像傳輸裝置100可對圖像資料進行加密且將加密的圖像資料提供到圖像處理裝置200,並且圖像處理裝置200可通過解碼處理恢復圖像。在圖1中,將一個圖像處理裝置200和N個圖像傳輸裝置100繪示為圖像處理系統10的實施實例,其中N為自然數。然而,圖像處理系統10可被實施為具有其它各種形式中的一種。舉例來說,圖像處理系統10可包含多於兩個圖像處理裝置200,且包含於圖像處理系統10中的圖像傳輸裝置100的數目可變化,包含此處僅存在單個圖像傳輸裝置100的情況。According to an embodiment, the image transmission apparatus 100 may encrypt the image material and provide the encrypted image material to the image processing apparatus 200, and the image processing apparatus 200 may restore the image through decoding processing. In FIG. 1 , one image processing apparatus 200 and N image transmission apparatuses 100 are shown as an implementation example of the image processing system 10 , where N is a natural number. However, the image processing system 10 may be implemented in one of various other forms. For example, image processing system 10 may include more than two image processing devices 200, and the number of image transmission devices 100 included in image processing system 10 may vary, including here that there is only a single image transmission The case of device 100.

假定圖像處理系統10為自動系統,對車輛而言可採用約十個攝像頭裝置,且通過每一個攝像頭裝置的攝像頭感測器所傳輸的圖像的資料的量可為約6 Gbps到12 Gbps。圖像處理裝置200必需分析從攝像頭感測器接收的大量圖像,以基於所分析圖像解譯當前的交通狀況和障礙物,並且以即時執行後續操作的裝置控制。執行用於檢查是否從經過授權的攝像頭裝置傳輸圖像和傳輸圖像的過程中是否未出現偽造和篡改的安全處理操作有其必要性。在未滿足以上安全請求項目時,可通過使用來自被攻擊的攝像頭裝置的圖像或傳輸過程中偽造或篡改的圖像來控制自動駕駛,這可能導致可威脅駕駛員的生命的問題。另外,因為自動系統中的圖像處理涉及即時處理資料資訊,所以性能下降的容許度可能極少甚至無容許度。Assuming that the image processing system 10 is an automatic system, about ten camera devices may be employed for the vehicle, and the amount of data of the images transmitted through the camera sensors of each camera device may be about 6 Gbps to 12 Gbps . The image processing device 200 has to analyze a large number of images received from the camera sensors to interpret current traffic conditions and obstacles based on the analyzed images, and to perform device control of subsequent operations in real time. It is necessary to perform a secure processing operation for checking whether images are transmitted from an authorized camera device and whether forgery and tampering have not occurred during the transmission of images. When the above security request items are not met, autonomous driving can be controlled by using images from the attacked camera device or images that are forged or tampered with during transmission, which can lead to problems that can threaten the life of the driver. Additionally, because image processing in automated systems involves real-time processing of data information, there may be little or no tolerance for performance degradation.

根據實施例,可在圖像傳輸裝置100與圖像處理裝置200之間執行認證操作,且圖像處理裝置200可通過認證來確定圖像傳輸裝置100是否為經過授權的裝置。另外,圖像傳輸裝置100可對圖像執行安全處理操作(例如,安全程式),以使得圖像處理裝置200可確定圖像是否為非偽造或篡改的,且圖像處理裝置200可通過對所接收的圖像執行安全處理操作來確定圖像是否為非偽造或篡改的。相對於安全處理,確定圖像傳輸裝置100是否是經過授權的裝置的操作可根據裝置認證(或攝像頭認證)來定義,且確定通過圖像傳輸裝置100所傳輸的圖像是否為非偽造或篡改的操作可根據圖像認證來定義。According to an embodiment, an authentication operation may be performed between the image transmission apparatus 100 and the image processing apparatus 200, and the image processing apparatus 200 may determine whether the image transmission apparatus 100 is an authorized apparatus through authentication. In addition, the image transmission apparatus 100 may perform a secure processing operation (eg, a security program) on the image, so that the image processing apparatus 200 may determine whether the image is not forged or tampered, and the image processing apparatus 200 may The received image is subjected to secure processing operations to determine whether the image is not counterfeit or tampered with. With respect to the security process, the operation of determining whether the image transmission device 100 is an authorized device may be defined in terms of device authentication (or camera authentication), and determining whether the image transmitted by the image transmission device 100 is not counterfeit or tampered with The operation can be defined in terms of image authentication.

根據實施例,對於上述安全功能而言,圖像傳輸裝置100可包含用於執行裝置認證和圖像認證的安全處理的安全電路110。另外,圖像處理裝置200可包含使用圖像傳輸裝置100的裝置認證和圖像認證的安全處理器210和用於處理從圖像傳輸裝置100所傳輸的圖像資料的圖像處理器220。安全電路110可包含硬體元件,以使得安全電路110的功能可通過硬體信號處理來實施。或者,安全電路110的功能可通過執行程式的處理器以軟體來實施或可通過硬體與軟體的組合來實施。另外,類似地,安全處理器210和圖像處理器220可以硬體、軟體或硬體與軟體的組合來實施,以使得可執行安全處理器210和圖像處理器220的功能。According to an embodiment, for the above-described security functions, the image transmission device 100 may include a security circuit 110 for performing security processing of device authentication and image authentication. In addition, the image processing device 200 may include a security processor 210 for device authentication and image authentication using the image transmission device 100 and an image processor 220 for processing image materials transmitted from the image transmission device 100 . The safety circuit 110 may include hardware elements such that the functions of the safety circuit 110 may be implemented through hardware signal processing. Alternatively, the functions of the safety circuit 110 may be implemented in software by a processor executing a program or may be implemented by a combination of hardware and software. Additionally, similarly, the security processor 210 and the image processor 220 may be implemented in hardware, software, or a combination of hardware and software, such that the functions of the security processor 210 and the image processor 220 may be performed.

作為操作實例,在傳輸真實圖像之前,圖像傳輸裝置100和圖像處理裝置200可執行裝置認證過程。舉例來說,裝置認證過程可在圖像傳輸裝置100的初始驅動(或啟動)期間執行或者系統被實施為可使得在圖像傳輸裝置100採用(例如,安裝)到圖像處理系統10且初始驅動時執行裝置認證過程。As an operation example, before transmitting a real image, the image transmission apparatus 100 and the image processing apparatus 200 may perform a device authentication process. For example, the device authentication process may be performed during initial driving (or startup) of the image transmission device 100 or the system may be implemented such that the image transmission device 100 is adopted (eg, installed) into the image processing system 10 and initially The device authentication process is performed when driving.

在圖像傳輸裝置100通過裝置認證過程被認證和確定為經過授權的裝置時,圖像傳輸裝置100可通過內部感測器或外部感測器將所獲得的圖像傳輸到圖像處理裝置200。根據實施例,為了認證由圖像傳輸裝置100所傳輸的圖像,安全電路110可對圖像執行安全處理操作,以使得圖像處理裝置200可確定圖像是否是偽造或篡改的。在圖像處理系統10對應於自動系統時,圖像處理裝置200可通過使用從執行裝置認證的圖像傳輸裝置100所傳輸的圖像並確定圖像為非偽造或篡改的來執行自動駕駛的分析。When the image transmission device 100 is authenticated and determined to be an authorized device through the device authentication process, the image transmission device 100 may transmit the obtained image to the image processing device 200 through the internal sensor or the external sensor . According to an embodiment, in order to authenticate an image transmitted by the image transmission device 100, the security circuit 110 may perform a security processing operation on the image so that the image processing device 200 may determine whether the image is forged or tampered with. When the image processing system 10 corresponds to an automatic system, the image processing apparatus 200 may perform automatic driving by using an image transmitted from the image transmission apparatus 100 performing apparatus authentication and determining that the image is not forged or tampered with analyze.

根據實施例,在圖像認證的安全處理中,圖像傳輸裝置100的安全電路110可通過產生圖像的標記資訊和傳輸除圖像之外的標記資訊來執行上述安全處理。舉例來說,安全電路110可通過使用圖像和先前設定的資訊(例如,與圖像處理裝置200共用的工作階段金鑰)產生消息認證碼(message authentication code;MAC),且使用對應圖像將產生的MAC傳輸到圖像處理裝置200。圖像處理裝置200可通過使用所接收的圖像和先前設定的資訊來計算MAC,且通過將從圖像傳輸裝置100所傳輸的MAC與由圖像處理裝置200計算的MAC進行比較來確定從圖像傳輸裝置100所傳輸的圖像是否是經過授權的圖像(例如,非偽造或篡改的圖像)。According to an embodiment, in the security process of image authentication, the security circuit 110 of the image transmission device 100 may perform the above security process by generating tag information of the image and transmitting tag information other than the image. For example, the security circuit 110 may generate a message authentication code (MAC) by using the image and previously set information (eg, a session key shared with the image processing device 200 ), and use the corresponding image The generated MAC is transmitted to the image processing apparatus 200 . The image processing apparatus 200 may calculate the MAC by using the received image and previously set information, and determine the MAC from the image transmission apparatus 100 by comparing the MAC transmitted from the image transmission apparatus 100 with the MAC calculated by the image processing apparatus 200 . Whether the image transmitted by the image transmission apparatus 100 is an authorized image (eg, a non-forged or tampered image).

另外,根據實施例,圖像傳輸裝置100的安全電路110可僅選擇來自某一圖像的部分區域,且可通過使用選擇區域的圖像的資料和先前設定的資訊來產生MAC。另外,圖像處理裝置200可選擇來自所接收的圖像的相同位置中的區域,通過使用選擇區域的圖像資料和先前設定的資訊來計算MAC,以及通過將從圖像傳輸裝置100所傳輸的MAC與由圖像處理裝置200所計算的MAC進行比較來執行圖像認證。根據實施例,可通過圖像傳輸裝置100來任意地選擇用於產生MAC的圖像的部分區域,或圖像處理裝置200可將用於選擇部分區域的資訊(例如,區域資訊或座標)提供到圖像傳輸裝置100。另外,用於產生MAC的圖像的區域的位置可根據各種方法發生變化。舉例來說,可使用固定位置中的區域,或用於產生MAC的圖像的區域的位置可每幀或週期性地變化。In addition, according to an embodiment, the security circuit 110 of the image transmission apparatus 100 may select only a partial area from a certain image, and may generate the MAC by using the data of the image of the selected area and the previously set information. In addition, the image processing apparatus 200 may select an area in the same position from the received image, calculate the MAC by using the image data of the selected area and previously set information, and by transmitting the data from the image transmission apparatus 100 The MAC of the image is compared with the MAC calculated by the image processing apparatus 200 to perform image authentication. According to an embodiment, a partial area of an image for generating a MAC may be arbitrarily selected by the image transmission apparatus 100, or the image processing apparatus 200 may provide information (eg, area information or coordinates) for selecting a partial area to the image transmission device 100. In addition, the location of the area used to generate the image of the MAC may vary according to various methods. For example, regions in fixed locations may be used, or the locations of regions used to generate an image of the MAC may vary per frame or periodically.

根據實例實施例,可對例如包含車輛產品的各種產品中的攝像頭裝置的圖像傳輸裝置執行真正的產品/裝置認證,且由此防止或減小圖像處理系統10由於偽造或篡改的圖像所造成的安全性漏洞。另外,在執行用於圖像認證的安全處理中,因為可僅對圖像的部分區域執行安全處理,所以可減小處理待即時傳輸的圖像的額外負擔。According to example embodiments, true product/device authentication may be performed on image transmission devices such as camera devices in various products including vehicle products, and thereby prevent or reduce image processing system 10 images due to forgery or tampering resulting security breaches. In addition, in performing the security processing for image authentication, since the security processing can be performed only on a partial area of the image, the extra burden of processing the image to be transmitted on-the-fly can be reduced.

圖2為繪示圖1的圖像傳輸裝置100的實施實例的框圖。在圖2中繪示的實例中,圖像傳輸裝置100對應於攝像頭裝置。FIG. 2 is a block diagram illustrating an implementation example of the image transmission apparatus 100 of FIG. 1 . In the example shown in FIG. 2, the image transmission device 100 corresponds to a camera device.

參考圖1和圖2,圖像傳輸裝置100可包含攝像頭感測器101、認證器102、標記產生器103以及圖像區域選擇器104。攝像頭感測器101可包含至少一個鏡頭且可執行照相操作。圖像傳輸裝置100可更包含用於通過使用由攝像頭感測器101拍照的資訊來產生圖像的圖像感測器。Referring to FIGS. 1 and 2 , the image transmission apparatus 100 may include a camera sensor 101 , an authenticator 102 , a marker generator 103 , and an image area selector 104 . The camera sensor 101 may include at least one lens and may perform photographic operations. The image transmission device 100 may further include an image sensor for generating an image by using the information photographed by the camera sensor 101 .

根據一實施例,認證器102、標記產生器103以及圖像區域選擇器104可為包含於圖1的安全電路110中的元件。認證器102可根據上述實施例執行與圖像處理裝置200的裝置認證的相互認證操作。舉例來說,認證器102可執行基於挑戰-回應的認證過程。各種演算法可用於認證過程。舉例來說,認證過程可基於如高級加密標準(advanced encryption standard;AES)或資料加密標準(data encryption standard;DES)的對稱金鑰演算法執行,或可基於如李維斯特-薩默爾-阿德曼(Rivest-Shamir-Adleman;RSA)或橢圓曲線密碼術(elliptic curve cryptography;ECC)的不對稱金鑰演算法執行。According to an embodiment, the authenticator 102, the indicia generator 103, and the image area selector 104 may be elements included in the security circuit 110 of FIG. The authenticator 102 may perform a mutual authentication operation for device authentication with the image processing device 200 according to the above-described embodiments. For example, authenticator 102 may perform a challenge-response based authentication process. Various algorithms can be used for the authentication process. For example, the authentication process may be performed based on a symmetric key algorithm such as the advanced encryption standard (AES) or the data encryption standard (DES), or may be based on, for example, Levister-Somer-Algeria Asymmetric key algorithm implementation of Rivest-Shamir-Adleman (RSA) or elliptic curve cryptography (ECC).

標記產生器103可根據上述實施例執行用於圖像認證的安全處理。舉例來說,標記產生器103可通過操作產生標記,所述操作通過使用上述先前設定的資訊和圖像資料來執行。先前設定的資訊可對應於各種金鑰。舉例來說,可通過使用通過與圖像處理裝置200(或具有與圖像處理裝置200相同的資訊)的協商所獲得的金鑰來執行安全處理。根據實施例,先前設定的資訊可對應於在會話過程中在圖像傳輸裝置100與圖像處理裝置200之間所傳輸和所接收的工作階段金鑰。The token generator 103 may perform security processing for image authentication according to the above-described embodiments. For example, the marker generator 103 may generate markers through operations performed by using the previously set information and image data described above. The previously set information may correspond to various keys. For example, the security process may be performed by using a key obtained through negotiation with the image processing apparatus 200 (or having the same information as the image processing apparatus 200 ). According to an embodiment, the previously set information may correspond to the session key transmitted and received between the image transmission apparatus 100 and the image processing apparatus 200 during the session.

圖像區域選擇器104可基於區域資訊選擇待執行安全處理的圖像的區域。舉例來說,區域資訊可由圖像傳輸裝置100任意地(例如,隨機地)產生,且可將對應於區域資訊的圖像的區域的資料提供到標記產生器103。或者,區域資訊可為從圖像處理裝置200提供到圖像傳輸裝置100的資訊。另外,如在上述實施例中,通過區域資訊所選擇的圖像的區域的位置可根據時間變化且可在圖像傳輸裝置100中任意地改變,或圖像處理裝置200可將改變的區域資訊提供到圖像傳輸裝置100。The image area selector 104 may select an area of the image to perform security processing based on the area information. For example, the region information may be generated arbitrarily (eg, randomly) by the image transmission device 100 , and the data of the region of the image corresponding to the region information may be provided to the marker generator 103 . Alternatively, the area information may be information provided from the image processing apparatus 200 to the image transmission apparatus 100 . In addition, as in the above-described embodiment, the position of the area of the image selected by the area information may vary according to time and may be arbitrarily changed in the image transmission apparatus 100, or the image processing apparatus 200 may change the changed area information supplied to the image transmission apparatus 100 .

圖3為繪示圖1的圖像處理裝置200的實施實例的框圖。在圖3中,繪示由SOC實施的圖像處理裝置200的實例。圖3和任何其它附圖中繪示的各種模組、元件、區塊以及單元可使用軟體(例如,程式、應用、固件、邏輯等)、硬體(例如,電路、半導體晶片、處理器等)或兩者的組合來實施。FIG. 3 is a block diagram illustrating an implementation example of the image processing apparatus 200 of FIG. 1 . In FIG. 3, an example of an image processing apparatus 200 implemented by an SOC is shown. The various modules, elements, blocks, and units depicted in FIG. 3 and any other figures may use software (eg, programs, applications, firmware, logic, etc.), hardware (eg, circuits, semiconductor chips, processors, etc.) ) or a combination of the two.

參考圖1和圖3,圖像處理裝置200可包含處理器230、安全處理器210、圖像處理器220以及人工智慧(artificial intelligence;AI)操作器240。根據實例實施例的至少一些功能可由執行程式的處理器230來實施,且可進一步在圖像處理裝置200中提供用於載入程式的操作記憶體(即,主記憶體)。1 and 3 , the image processing apparatus 200 may include a processor 230 , a security processor 210 , an image processor 220 , and an artificial intelligence (AI) operator 240 . At least some functions according to example embodiments may be implemented by the processor 230 executing the program, and an operating memory (ie, main memory) for loading the program may further be provided in the image processing device 200 .

安全處理器210可執行與圖像傳輸裝置100的裝置認證的相互認證操作。圖像處理器220可對從圖像傳輸裝置100所傳輸的圖像資料執行處理操作。舉例來說,可更包含封包處理器的圖像處理器220可接收包含圖像的封包,將認證處理上的資訊提供到安全處理器210,且將圖像資料處理上的資訊提供到圖像處理器220。The security processor 210 may perform a mutual authentication operation with the device authentication of the image transmission device 100 . The image processor 220 may perform processing operations on the image data transmitted from the image transmission device 100 . For example, image processor 220, which may further include a packet handler, may receive packets including images, provide information on authentication processing to security processor 210, and provide information on image data processing to images processor 220.

根據實施例,安全處理器210可包含裝置認證器211和圖像認證器212。圖像認證器212可包含標記比較器212_1和圖像區域選擇器212_2。圖像區域選擇器212_2可選擇待通過與圖像傳輸裝置100相同或類似的方法執行安全處理的圖像的區域。在區域資訊由圖像處理裝置200產生時,圖像區域選擇器212_2可通過使用現有區域資訊來選擇圖像的區域。或者,在從圖像傳輸裝置100傳輸區域資訊時,圖像區域選擇器212_2可通過使用從圖像傳輸裝置100所傳輸的區域資訊選擇圖像的區域。標記比較器212_1可通過使用如資料的先前設定的資訊和所選區域的工作階段金鑰來產生標記,將從圖像傳輸裝置100所傳輸的標記與由標記比較器212_1產生的標記進行比較,且根據比較結果執行圖像認證。According to an embodiment, the security processor 210 may include a device authenticator 211 and an image authenticator 212 . The image authenticator 212 may include a tag comparator 212_1 and an image area selector 212_2. The image area selector 212_2 can select an area of an image to be subjected to security processing by the same or similar method as that of the image transmission apparatus 100 . When the region information is generated by the image processing apparatus 200, the image region selector 212_2 can select the region of the image by using the existing region information. Alternatively, when the area information is transmitted from the image transmission apparatus 100 , the image area selector 212_2 may select the area of the image by using the area information transmitted from the image transmission apparatus 100 . The indicia comparator 212_1 can generate the indicia by using previously set information such as data and the session key of the selected area, and compares the indicia transmitted from the image transmission device 100 with the indicia generated by the indicia comparator 212_1, And image authentication is performed according to the comparison result.

在另一方面,在圖像處理系統10對應於自動系統時,AI操作器240可執行自主驅動的AI操作。舉例來說,可將執行圖像認證的圖像提供到AI操作器240。On the other hand, when the image processing system 10 corresponds to an automatic system, the AI operator 240 may perform an autonomously driven AI operation. For example, an image for performing image authentication may be provided to the AI operator 240 .

圖4A和圖4B為繪示根據實例實施例的圖像處理系統300A的各種操作實例的框圖。在圖4A和圖4B中繪示的實例實施例中,上述區域資訊可由圖像傳輸裝置310A或圖像處理裝置320A產生。4A and 4B are block diagrams illustrating various operational examples of image processing system 300A according to example embodiments. In the example embodiment shown in FIGS. 4A and 4B , the above-mentioned area information may be generated by the image transmission device 310A or the image processing device 320A.

參考圖4A,圖像處理系統300A可包含圖像傳輸裝置310A和圖像處理裝置320A。圖像傳輸裝置310A可包含標記產生器311A和圖像區域選擇器312A。另外,圖像處理裝置320A可包含標記比較器321A。可在圖像傳輸裝置310A與圖像處理裝置320A之間執行用於裝置認證的相互認證過程Auth。另外,相對於上述圖像認證,圖像區域選擇器312A可接收由圖像傳輸裝置310A產生的區域資訊Info_reg,且可基於區域資訊Info_reg將圖像的部分區域上的資料Image_p提供到標記產生器311A,且標記產生器311A可通過使用資料Image_p和先前設定的資訊(例如,工作階段金鑰)來產生標記TAG。另外,圖像傳輸裝置310A可將產生的標記TAG提供到圖像處理裝置320A,連同用於選擇區域的圖像Image和區域資訊Info_reg一起提供到圖像處理裝置320A。舉例來說,圖像Image、區域資訊Info_reg以及標記TAG可包含於一個封包中,且可傳輸到圖像處理裝置320A。Referring to FIG. 4A, an image processing system 300A may include an image transmission device 310A and an image processing device 320A. Image transmission device 310A may include indicia generator 311A and image area selector 312A. Additionally, the image processing device 320A may include a marker comparator 321A. A mutual authentication process Auth for device authentication may be performed between the image transmission device 310A and the image processing device 320A. In addition, with respect to the above-mentioned image authentication, the image area selector 312A may receive the area information Info_reg generated by the image transmission device 310A, and may provide the data Image_p on the partial area of the image to the mark generator based on the area information Info_reg 311A, and the tag generator 311A can generate the tag TAG by using the data Image_p and previously set information (eg, the session key). In addition, the image transmission device 310A may provide the generated tag TAG to the image processing device 320A, together with the image Image for selecting the region and the region information Info_reg to the image processing device 320A. For example, the image Image, the region information Info_reg, and the tag TAG can be included in one packet, and can be transmitted to the image processing device 320A.

在另一方面,參考圖4B,圖像處理系統300B可包含圖像傳輸裝置310B和圖像處理裝置320B。圖像傳輸裝置310B可包含標記產生器311B和圖像區域選擇器312B。另外,圖像處理裝置320B可包含標記比較器321B和區域資訊產生器322B。In another aspect, referring to FIG. 4B, an image processing system 300B may include an image transmission device 310B and an image processing device 320B. Image transmission device 310B may include indicia generator 311B and image area selector 312B. In addition, the image processing device 320B may include a marker comparator 321B and a region information generator 322B.

將由區域資訊產生器322B產生的區域資訊Info_reg提供到圖像傳輸裝置310B的圖像區域選擇器312B。標記產生器311B可通過使用圖像的部分區域的資料Image_p和工作階段金鑰來產生標記TAG。另外,圖像處理裝置320B可接收圖像Image和標記TAG,且可參考由圖像處理裝置320B產生的區域資訊Info_reg來選擇圖像Image的部分區域。另外,標記比較器321B通過使用圖像Image的部分區域的資料和工作階段金鑰來產生標記TAG,且將標記TAG與從圖像傳輸裝置310B所傳輸的標記TAG進行比較,來執行圖像認證過程。The region information Info_reg generated by the region information generator 322B is provided to the image region selector 312B of the image transmission device 310B. The tag generator 311B can generate the tag TAG by using the data Image_p of the partial area of the image and the session key. In addition, the image processing device 320B can receive the image Image and the tag TAG, and can refer to the region information Info_reg generated by the image processing device 320B to select a partial region of the image Image. In addition, the tag comparator 321B performs image authentication by generating a tag TAG using the data of the partial area of the image Image and the session key, and comparing the tag TAG with the tag TAG transmitted from the image transmission device 310B process.

圖5和圖6為繪示根據實例實施例的操作圖像傳輸裝置的方法的流程圖。在圖5和圖6中,假定上述圖像處理裝置在SOC中實施。5 and 6 are flowcharts illustrating a method of operating an image transmission device according to example embodiments. In FIGS. 5 and 6 , it is assumed that the above-described image processing apparatus is implemented in the SOC.

參考圖5,如攝像頭裝置的圖像傳輸裝置可在操作S11中使用外部SOC執行裝置認證過程。舉例來說,圖像傳輸裝置可使用SOC通過基於挑戰-回應的裝置認證過程來執行裝置認證過程。根據上述過程,確定在操作S12中裝置認證是否成功。在確定裝置認證未成功時,不在對應圖像傳輸裝置與外部SOC之間執行用於圖像傳輸的通信。在另一方面,在確定裝置認證成功時,圖像傳輸裝置可將圖像傳輸到SOC,且SOC可出於先前設定的目的(例如,自動系統的圖像材料)通過處理和分析在所接收的圖像上執行的操作來使用所接收的圖像。Referring to FIG. 5 , an image transmission device such as a camera device may perform a device authentication process using an external SOC in operation S11. For example, the image transmission device may perform the device authentication process through a challenge-response based device authentication process using the SOC. According to the above process, it is determined whether the device authentication is successful in operation S12. When it is determined that the device authentication is unsuccessful, communication for image transmission is not performed between the corresponding image transmission device and the external SOC. On the other hand, upon determining that device authentication is successful, the image transmission device may transmit the image to the SOC, and the SOC may process and analyze the received image for a previously set purpose (eg, image material for an automated system). The operation performed on the image to use the received image.

在另一方面,圖像傳輸裝置可在執行圖像傳輸中執行圖像認證的安全處理。舉例來說,用於安全處理的金鑰(例如,工作階段金鑰)可在操作S13中通過圖像傳輸裝置與SOC之間的通信由圖像傳輸裝置獲得。圖像傳輸裝置在操作S14中通過使用圖像的至少部分區域的資料和所獲得的工作階段金鑰的操作可產生如MAC的標記,可產生包含圖像和對應於圖像產生的標記的封包,且在操作S15中可將產生的封包傳輸到SOC。外部SOC可通過將被提供以對應於圖像的標記與由外部SOC產生的標記進行比較來執行圖像認證,且可出於上述先前設定的目的使用通常執行圖像認證的圖像。On the other hand, the image transmission apparatus may perform a security process of image authentication in performing image transmission. For example, a key for secure processing (eg, a work session key) may be obtained by the image transmission device through communication between the image transmission device and the SOC in operation S13. In operation S14, the image transmission device may generate a tag such as a MAC by using the data of at least a partial area of the image and the operation of the obtained working stage key, and may generate a packet including the image and the tag corresponding to the generated image. , and the generated packet may be transmitted to the SOC in operation S15. The external SOC may perform image authentication by comparing the indicia provided corresponding to the image with the indicia generated by the external SOC, and may use the image on which image authentication is generally performed for the purpose previously set above.

圖6繪示選自圖像的區域的位置在選擇用於產生標記的圖像的區域中變化的實例。參考圖6,圖像傳輸裝置可基於先前設定的區域資訊選擇由來自某一圖像的區域資訊指示的位置的區域。舉例來說,在操作S21中,圖像傳輸裝置根據第一值的區域資訊選擇第一圖像的第一區域,且在操作S22中可通過使用第一區域的資料來產生標記。舉例來說,通過使用第一區域的資料和上述工作階段金鑰的操作來產生標記,且在操作S23中可將包含第一圖像和對應於第一圖像的標記的封包傳輸到外部SOC。FIG. 6 illustrates an example where the position of a region selected from an image varies in a region selected for generating a marked image. Referring to FIG. 6, the image transmission apparatus may select an area of a location indicated by area information from a certain image based on previously set area information. For example, in operation S21, the image transmission device selects a first area of the first image according to the area information of the first value, and in operation S22, a mark may be generated by using the data of the first area. For example, the flag is generated through the operation using the data of the first area and the above-mentioned work-stage key, and a packet including the first image and the flag corresponding to the first image may be transmitted to the external SOC in operation S23 .

根據實施例,選自圖像以便產生標記的區域的位置可每幀或每均一週期(即,時間間隔)變化。舉例來說,在操作S24中,圖像傳輸裝置可根據第二值的區域資訊選擇第二圖像的第二區域,且第一區域的位置和第二區域的位置在某一圖像中可彼此不同。另外,在操作S25中,可通過使用第二圖像的第二區域的資料來產生標記,且在操作S26中,可將包含第二圖像和對應於第二圖像的標記的封包傳輸到外部SOC。Depending on the embodiment, the location of the region selected from the image to generate the mark may vary per frame or per uniform period (ie, time interval). For example, in operation S24, the image transmission device may select the second area of the second image according to the area information of the second value, and the position of the first area and the position of the second area may be in a certain image. different from each other. In addition, in operation S25, a marker may be generated by using the data of the second region of the second image, and in operation S26, a packet including the second image and the marker corresponding to the second image may be transmitted to external SOC.

圖7到圖10為繪示根據實例實施例的攝像頭系統20的實施實例的框圖。在下文中,在描述本公開的實例實施例中,假定圖像傳輸裝置為攝像頭裝置且圖像處理裝置為SOC(或ADAS SOC)。另外,以下實施例中所繪示的元件可實施先前實施例中所描述的各種功能。儘管功能彼此相同或類似,但組件的名稱可與先前實施例的名稱不同。7-10 are block diagrams illustrating examples of implementations of camera system 20 according to example embodiments. Hereinafter, in describing example embodiments of the present disclosure, it is assumed that the image transmission device is a camera device and the image processing device is an SOC (or ADAS SOC). Additionally, elements depicted in the following embodiments may implement various functions described in the previous embodiments. Although the functions are the same or similar to each other, the names of the components may be different from those of the previous embodiments.

參考圖7,攝像頭系統20可包含攝像頭裝置400和用於接收圖像的ADAS SOC 401。在圖7中,繪示將圖像Image從外部提供到攝像頭裝置400。然而,攝像頭裝置400可直接地通過攝像頭裝置400中的攝像頭感測器產生圖像Image。Referring to FIG. 7, the camera system 20 may include a camera device 400 and an ADAS SOC 401 for receiving images. In FIG. 7 , it is shown that the image Image is provided to the camera device 400 from the outside. However, the camera device 400 may directly generate the image Image through the camera sensor in the camera device 400 .

攝像頭裝置400可包含用於處理圖像的圖像處理器410和用於產生傳輸形式以便將圖像傳輸到ADAS SDOC 400的封包格式編碼器420。另外,攝像頭裝置400可更包含用於執行相對於安全功能的裝置認證和圖像認證的安全電路430。安全電路430可更包含:安全控制器431,將命令傳輸到ADAS SOC 401和從其接收命令且執行或處理對應命令;金鑰共用器432,用於執行加密操作以便產生工作階段金鑰且在ADAS SOC 401與攝像頭裝置400之間交換工作階段金鑰;標記產生器433,用於產生防止偽造或篡改所傳輸的圖像的標記並對所傳輸的圖像執行圖像認證;以及安全儲存裝置434,用於儲存先前共用金鑰或用於裝置認證的認證證書和如產品序號的識別字(ID)。The camera device 400 may include an image processor 410 for processing images and a packet format encoder 420 for generating a transmission form for transmission of the images to the ADAS SDOC 400 . Additionally, the camera device 400 may further include a security circuit 430 for performing device authentication and image authentication with respect to security functions. The security circuit 430 may further comprise: a security controller 431 for transmitting and receiving commands to and from the ADAS SOC 401 and executing or processing corresponding commands; A session key is exchanged between the ADAS SOC 401 and the camera device 400; a token generator 433 for generating a token that prevents forgery or tampering of the transmitted image and performs image authentication on the transmitted image; and a secure storage device 434, used to store the previous shared key or authentication certificate for device authentication and an identification word (ID) such as a product serial number.

另外,用於處理從攝像頭裝置400所傳輸的圖像的ADAS SOC 401可包含安全/加密模組。安全/加密模組可執行上述實施例中的安全處理器210的功能。安全/加密模組可基於硬體、軟體或硬體與軟體的組合執行與裝置認證和圖像認證相關的各種安全處理功能和加密/解碼處理功能。另外,儘管圖7中未繪示,但ADAS SOC 401可更包含:封包處理器,用於對所接收的封包進行解碼;金鑰儲存裝置,用於儲存關於裝置認證和圖像認證的各種金鑰資訊項;以及圖像處理模組,用於處理圖像資料。Additionally, ADAS SOC 401 for processing images transmitted from camera device 400 may include a security/encryption module. The security/encryption module can perform the functions of the security processor 210 in the above embodiments. The security/encryption module may perform various security processing functions and encryption/decoding processing functions related to device authentication and image authentication based on hardware, software, or a combination of hardware and software. In addition, although not shown in FIG. 7 , the ADAS SOC 401 may further include: a packet processor for decoding the received packets; a key storage device for storing various keys related to device authentication and image authentication key information item; and an image processing module for processing image data.

在圖7所繪示的實施例及以下實施例中,可由元件執行的功能將另外描述如下。In the embodiment depicted in FIG. 7 and the following embodiments, the functions that may be performed by the elements will be additionally described as follows.

用於處理由攝像頭感測器採集的圖像或從外部提供的圖像的圖像處理器410可根據使用現有攝像頭裝置的圖像處理功能從安全控制器331接收的資訊(例如,區域資訊)將圖像的某一區域的資料傳輸到安全控制器431。The image processor 410 for processing an image captured by a camera sensor or an image provided from the outside may receive information (eg, area information) from the security controller 331 according to the image processing function using an existing camera device The data of a certain area of the image is transmitted to the security controller 431 .

在另一方面,用於封包化待傳輸的圖像的封包格式編碼器420可將產生用於圖像認證的代碼(例如MAC)添加到封包的頭部或尾端。On the other hand, the packet format encoder 420 for packetizing the image to be transmitted may add a code (eg, MAC) generated for image authentication to the head or tail of the packet.

安全控制器431可管理攝像頭裝置的安全功能。舉例來說,安全控制器431可通過通信將某些資訊(隨機挑戰、加密消息、電子簽名等)傳輸到ADAS SOC 401且從其接收某些資訊,將表示圖像資料的某一位置的區域的區域資訊傳輸到圖像處理器410以接收對應區域的資料,將所接收的圖像的資料傳輸到標記產生器433,將受金鑰共用器432保護的工作階段金鑰傳輸到標記產生器433,以及將儲存於安全儲存裝置434中的某一值傳輸到ADAS SOC 401或設定金鑰共用器432中的某一值。The security controller 431 may manage security functions of the camera device. For example, the security controller 431 may communicate certain information (random challenges, encrypted messages, electronic signatures, etc.) to and receive certain information from the ADAS SOC 401 that will represent an area of a certain location of the image data The area information of the image processor 410 is transmitted to the image processor 410 to receive the data of the corresponding area, the data of the received image is transmitted to the mark generator 433, and the working stage key protected by the key duplexer 432 is transmitted to the mark generator 433 , and transmit a value stored in secure storage 434 to ADAS SOC 401 or set a value in key duplexer 432 .

在另一方面,金鑰共用器432可對由ADAS SOC 401所傳輸的工作階段金鑰和關於應用MAC的圖像的某一區域的資訊進行解碼。舉例來說,可應用如RSA或ECC的公共金鑰密碼系統,或可應用如AES的秘密金鑰密碼系統。另外,ADAS SOC 401可產生金鑰且將產生的金鑰傳輸到攝像頭裝置400,或ADAS SOC 401和攝像頭裝置400可通過使用如Diffie-Hellman(DH)或橢圓曲線Diffie-Hellman(Elliptic-curve Diffie-Hellman;EC-DH)的金鑰切換式通訊協定共用工作階段金鑰。可將解碼的工作階段金鑰和區域資訊傳輸到安全控制器431或標記產生器433。On the other hand, the key duplexer 432 can decode the session key transmitted by the ADAS SOC 401 and information about a certain area of the image to which the MAC is applied. For example, a public key cryptosystem such as RSA or ECC may be applied, or a secret key cryptosystem such as AES may be applied. In addition, the ADAS SOC 401 may generate a key and transmit the generated key to the camera device 400, or the ADAS SOC 401 and the camera device 400 may generate a key by using, for example, Diffie-Hellman (DH) or Elliptic-curve Diffie-Hellman (Elliptic-curve Diffie - Hellman; EC-DH) key-switching protocol shared session key. The decoded session key and zone information may be transmitted to the security controller 431 or the token generator 433 .

在另一方面,標記產生器433可通過使用從金鑰共用器432接收的工作階段金鑰對從安全控制器431接收的圖像資料執行MAC操作。可將作為操作結果所獲得的MAC值傳輸到封包格式編碼器420以及傳輸到ADAS SOC 401。On the other hand, the token generator 433 may perform a MAC operation on the image material received from the security controller 431 by using the session key received from the key sharer 432 . The MAC value obtained as a result of the operation may be transmitted to the packet format encoder 420 and to the ADAS SOC 401 .

在另一方面,安全儲存裝置434可為用於安全地儲存私用金鑰/公共金鑰對和攝像頭裝置400的證書或攝像頭裝置400與ADAS SOC 401之間的預共用金鑰的儲存電路。允許公開和不允許偽造或篡改的值(如攝像頭裝置400的ID)可儲存於安全儲存裝置434中。In another aspect, secure storage device 434 may be a storage circuit for securely storing a private key/public key pair and a certificate for camera device 400 or a pre-shared key between camera device 400 and ADAS SOC 401 . Values that allow disclosure and do not allow forgery or tampering, such as the ID of the camera device 400 , may be stored in the secure storage device 434 .

在另一方面,ADAS SOC 401可包含負責汽車產品中的自動駕駛的主處理器。根據當前實施例,因為將汽車產品描述為實例,所以將對應實體定義為ADAS SOC。然而,ADAS SOC 401可對應於用於處理、分析以及儲存由攝像頭裝置400所傳輸的圖像的實體。In another aspect, ADAS SOC 401 may contain the main processor responsible for autonomous driving in automotive products. According to the current embodiment, since an automobile product is described as an instance, the corresponding entity is defined as an ADAS SOC. However, ADAS SOC 401 may correspond to an entity for processing, analyzing, and storing images transmitted by camera device 400 .

在另一方面,可以各種方式實施圖7中繪示的攝像頭裝置400的元件。舉例來說,用於執行程式的處理器可更包含於攝像頭裝置400中,且圖7中繪示的元件的功能可通過處理器執行儲存於攝像頭裝置400中的主記憶體中的程式來執行。或者,攝像頭裝置400中的元件可包含用於執行對應功能以使得可將功能執行為硬體的電路。或者,包含於攝像頭裝置400中的元件也可通過硬體與軟體的組合來實施。In another aspect, the elements of the camera device 400 depicted in FIG. 7 may be implemented in various ways. For example, a processor for executing programs may be further included in camera device 400, and the functions of the elements shown in FIG. 7 may be performed by the processor executing programs stored in main memory in camera device 400 . Alternatively, elements in camera device 400 may include circuitry for performing corresponding functions such that the functions may be performed as hardware. Alternatively, the elements included in the camera device 400 may also be implemented by a combination of hardware and software.

在下文中,將描述圖7中繪示的攝像頭系統20的更詳細操作。Hereinafter, a more detailed operation of the camera system 20 shown in FIG. 7 will be described.

圖8繪示攝像頭裝置400和ADAS SOC 401可通過預共用金鑰來執行裝置認證的實例。舉例來說,攝像頭裝置400和ADAS SOC 401可執行基於挑戰-回應的認證過程。在認證過程中,ADAS SOC 401可確定攝像頭裝置400是否是經過授權的裝置,這可通過檢查預共用金鑰的擁有權來執行。認證過程可按照以下順序來執行。FIG. 8 illustrates an example in which the camera device 400 and the ADAS SOC 401 can perform device authentication through a pre-shared key. For example, the camera device 400 and ADAS SOC 401 may perform a challenge-response based authentication process. During the authentication process, ADAS SOC 401 may determine whether camera device 400 is an authorized device, which may be performed by checking the ownership of the pre-shared key. The authentication process can be performed in the following order.

攝像頭裝置400和ADAS SOC 401中的每一個可擁有(例如,可以使用)預共用金鑰。預共用金鑰為如AES的分塊加密金鑰。ADAS SOC 401和攝像頭裝置400可共用同一金鑰。將預共用金鑰安全地儲存於攝像頭裝置400的安全儲存裝置434中有其必要性。Each of the camera device 400 and the ADAS SOC 401 may possess (eg, may use) a pre-shared key. The pre-shared key is a block encryption key such as AES. ADAS SOC 401 and camera device 400 may share the same key. It is necessary to securely store the pre-shared key in the secure storage device 434 of the camera device 400 .

舉例來說,為了確定攝像頭裝置400是否是經過授權的裝置,ADAS SOC 401可基於挑戰-回應方法來確定攝像頭裝置400是否擁有預共用金鑰。為此目的,ADAS SOC 401可產生具有任意值(例如,隨機數目的先前設定的位)的隨機挑戰,且可將產生的隨機挑戰傳輸到攝像頭裝置400。For example, to determine whether camera device 400 is an authorized device, ADAS SOC 401 may determine whether camera device 400 possesses a pre-shared key based on a challenge-response method. To this end, ADAS SOC 401 may generate a random challenge with an arbitrary value (eg, a random number of previously set bits), and may transmit the generated random challenge to camera device 400 .

接收隨機挑戰的攝像頭裝置400可通過使用儲存於安全儲存裝置434中的預共用金鑰來對隨機挑戰進行加密且將加密的隨機挑戰Random Challenge_EN傳輸到ADAS SOC 401。此時,除隨機挑戰Random Challenge_EN以外,可將如攝像頭裝置400的產品數目(ID)的公共資訊和可區分攝像頭裝置400的資訊進一步傳輸到ADAS SOC 401。The camera device 400 receiving the random challenge may encrypt the random challenge by using the pre-shared key stored in the secure storage device 434 and transmit the encrypted random challenge RandomChallenge_EN to the ADAS SOC 401 . At this time, in addition to the random challenge Random Challenge_EN, public information such as the product number (ID) of the camera device 400 and information that can distinguish the camera device 400 may be further transmitted to the ADAS SOC 401 .

ADAS SOC 401可儲存攝像頭裝置400的先前接收到的產品數目(ID)資訊,對通過使用預共用金鑰從攝像頭裝置400接收的密碼(cryptogram)進行解碼,確定解碼的明文是否與由ADAS SOC 401所傳輸的隨機挑戰相同,以及確定從攝像頭裝置400接收的產品數目(ID)是否與先前儲存的資訊相同。根據確定的結果,可將包含預共用金鑰的攝像頭裝置400認證為經過授權的裝置。The ADAS SOC 401 may store the previously received product number (ID) information of the camera device 400 , decode the cryptogram received from the camera device 400 by using the pre-shared key, and determine whether the decoded plaintext is the same as the one received by the ADAS SOC 401 The transmitted random challenge is the same, and it is determined whether the product number (ID) received from the camera device 400 is the same as the previously stored information. According to the result of the determination, the camera device 400 containing the pre-shared key may be authenticated as an authorized device.

不同攝像頭裝置可使用相同預共用金鑰或不同預共用金鑰。在攝像頭裝置使用不同預共用金鑰時,ADAS SOC 401可包含佈置攝像頭裝置400的產品ID和金鑰的資料庫。Different camera devices can use the same pre-shared key or different pre-shared keys. When camera devices use different pre-shared keys, ADAS SOC 401 may contain a database of product IDs and keys where camera device 400 is placed.

圖9繪示攝像頭裝置和ADAS SOC通過公共金鑰密碼系統來執行裝置認證的實例。FIG. 9 illustrates an example where the camera device and the ADAS SOC perform device authentication through a public key cryptosystem.

在使用公共金鑰密碼系統的認證方法中,不必預先共用金鑰,並且雖然公開私用金鑰,但是僅撤銷一個產品。舉例來說,認證中心(certificate authority;CA)有其必要性以便應用於公共金鑰密碼系統。基於公共金鑰密碼系統的認證方法可按照以下循序執行。In the authentication method using the public key cryptosystem, it is not necessary to share the key in advance, and although the private key is disclosed, only one product is revoked. For example, a certificate authority (CA) is necessary in order to apply to public key cryptosystems. The authentication method based on the public key cryptosystem can be performed in the following sequence.

CA可將公共金鑰(例如,CA公共金鑰Public Key_CA)傳輸到ADAS SOC 401,且為攝像頭裝置400的私用金鑰頒發證書。舉例來說,為了確定攝像頭裝置400是否是經過授權的裝置,ADAS SOC 401可基於挑戰-回應方法來確定攝像頭裝置400是否擁有私用金鑰。為此目的,ADAS SOC 401可根據挑戰-響應方案產生挑戰,且可將產生的挑戰傳輸到攝像頭裝置400。The CA may transmit the public key (eg, CA public key Public Key_CA) to the ADAS SOC 401 and issue a certificate for the private key of the camera device 400 . For example, to determine whether camera device 400 is an authorized device, ADAS SOC 401 may determine whether camera device 400 possesses a private key based on a challenge-response method. To this end, the ADAS SOC 401 may generate a challenge according to a challenge-response scheme, and may transmit the generated challenge to the camera device 400 .

接收挑戰的攝像頭裝置400可通過使用儲存於安全儲存裝置434中的私用金鑰以數位方式指示挑戰-回應,且可根據挑戰-回應方案將以數位方式指示的回應傳輸到ADAS SOC 401。此時,攝像頭裝置400可將其證書傳輸到ADAS SOC 401。The camera device 400 receiving the challenge can digitally indicate the challenge-response by using the private key stored in the secure storage device 434 and can transmit the digitally indicated response to the ADAS SOC 401 according to the challenge-response scheme. At this point, the camera device 400 may transmit its certificate to the ADAS SOC 401 .

ADAS SOC 401可通過CA公共金鑰Public Key_CA來驗證由攝像頭裝置400所傳輸的證書,以確保攝像頭裝置400的公共金鑰的安全,通過使用受保護的公共金鑰來驗證由攝像頭裝置400所傳輸的數位簽章,以及根據驗證結果來確定攝像頭裝置400是否是經過授權的裝置。The ADAS SOC 401 can verify the certificate transmitted by the camera device 400 through the CA public key Public Key_CA to ensure the security of the public key of the camera device 400 by using the protected public key to verify the certificate transmitted by the camera device 400 , and determine whether the camera device 400 is an authorized device according to the verification result.

圖10繪示攝像頭裝置和ADAS SOC通過傳輸工作階段金鑰和傳輸工作階段金鑰之後的過程執行裝置認證的實例。FIG. 10 illustrates an example in which the camera device and the ADAS SOC perform device authentication by transmitting the session key and the process after the transmission of the session key.

基於工作階段金鑰方法的裝置認證可通過與使用上述公共金鑰密碼系統的認證方法部分類似的方法來執行。在ADAS SOC 401可產生工作階段金鑰時,通過攝像頭裝置400的公共金鑰來加密工作階段金鑰,且傳輸加密的工作階段金鑰。攝像頭裝置400可通過使用其私用金鑰對從ADAS SOC 401提供的資訊進行解碼,以確保工作階段金鑰的安全和通過使用工作階段金鑰執行後續通信。因此,因為僅擁有私用金鑰的經過授權的攝像頭裝置400可成功地執行後續操作,所以可通過確定是否恰當地執行後續通信而無需額外認證過程來確定攝像頭裝置40是否是經過授權的裝置。The device authentication based on the work-phase key method can be performed by a method similar to that of the authentication method part using the public key cryptosystem described above. When the ADAS SOC 401 can generate the session key, the session key is encrypted by the public key of the camera device 400, and the encrypted session key is transmitted. The camera device 400 can decode the information provided from the ADAS SOC 401 by using its private key to secure the session key and perform subsequent communications by using the session key. Accordingly, since only authorized camera devices 400 in possession of the private key can successfully perform subsequent operations, it is possible to determine whether camera device 40 is an authorized device by determining whether subsequent communications are properly performed without an additional authentication process.

如在上述公共金鑰密碼系統中,ADAS SOC 401可通過確保攝像頭裝置400的證書的安全並驗證所述證書來確保攝像頭裝置400的公共金鑰的安全。另外,ADAS SOC 401可產生工作階段金鑰,通過使用攝像頭裝置400的公共金鑰來對工作階段金鑰進行加密,以及將加密的工作階段金鑰傳輸到攝像頭裝置400。攝像頭裝置400可通過對由其私用金鑰所接收的密碼進行解碼來確保工作階段金鑰的安全。對應工作階段金鑰可用於認證後續圖像。在成功地執行圖像認證時,ADAS SOC 401可認證攝像頭裝置400是經過授權的裝置。As in the above-described public key cryptosystem, the ADAS SOC 401 may secure the public key of the camera device 400 by securing the certificate of the camera device 400 and verifying the certificate. Additionally, the ADAS SOC 401 may generate a session key, encrypt the session key by using the public key of the camera device 400 , and transmit the encrypted session key to the camera device 400 . The camera device 400 can secure the session key by decoding the password received by its private key. The corresponding session key can be used to authenticate subsequent images. Upon successfully performing image authentication, ADAS SOC 401 may authenticate camera device 400 as an authorized device.

如在上述實施例中,在成功地執行裝置認證之後,可通過使用至少圖像的部分區域和工作階段金鑰來執行圖像認證。在另一方面,在裝置認證失敗時,ADAS SOC 401可停止與裝置認證失敗的攝像頭裝置通信或與所述攝像頭裝置斷開連接和/或撤銷從攝像頭裝置所傳輸的圖像。As in the above-described embodiment, after the device authentication is successfully performed, the image authentication may be performed by using at least a partial area of the image and the work phase key. On the other hand, upon device authentication failure, ADAS SOC 401 may stop communicating with or disconnect from the camera device that failed device authentication and/or revoke images transmitted from the camera device.

在下文中,公開執行圖像認證的各種實施例。圖像認證操作可在完成根據上述實施例的裝置認證之後執行,且可在執行裝置認證的相機與ADAS SOC之間執行。Hereinafter, various embodiments of performing image authentication are disclosed. The image authentication operation may be performed after completing the device authentication according to the above-described embodiments, and may be performed between the camera that performs the device authentication and the ADAS SOC.

圖11和圖12為繪示通過使用MAC操作執行圖像認證的實例的視圖。圖11和圖12繪示通過使用所有圖像資料執行MAC操作的實例。11 and 12 are views illustrating an example of performing image authentication by using a MAC operation. 11 and 12 illustrate an example of performing MAC operations by using all image data.

圖像認證可通過各種方法來執行。舉例來說,可執行將MAC用作標記資訊的圖像認證。舉例來說,可應用通過使用由兩個實體共用的金鑰(例如,工作階段金鑰)從圖像資料產生MAC並將MAC添加到傳輸到ADAS SOC的圖像的方法。舉例來說,至少工作階段金鑰的部分位元可用於產生MAC,且MAC可通過使用各種演算法(例如,如安全散列演算法(Secure Hash Algorithm;SHA)、SHA256以及SHA384或演算法MD5的演算法)產生。可通過圖像認證過程使用MAC防止將偽造或篡改的圖像提供到ADAS SOC 501。Image authentication can be performed by various methods. For example, image authentication using MAC as tag information can be performed. For example, a method of generating a MAC from image material and adding the MAC to an image transmitted to an ADAS SOC by using a key (eg, a session key) shared by both entities may be applied. For example, at least some of the bits of the session key can be used to generate the MAC, and the MAC can be generated by using various algorithms such as Secure Hash Algorithm (SHA), SHA256 and SHA384, or the algorithm MD5, for example. algorithm) generated. Falsified or tampered images can be prevented from being provided to ADAS SOC 501 using the MAC through the image authentication process.

參考圖11和圖12,ADAS SOC 501可對待用於圖像認證的工作階段金鑰進行加密且將加密的工作階段金鑰傳輸到攝像頭裝置500。此時,如公共金鑰或秘密金鑰(或私用金鑰)方法的各種方法可應用於加密工作階段金鑰。用於加密的金鑰可儲存於攝像頭裝置500中的安全儲存裝置534中。Referring to FIGS. 11 and 12 , the ADAS SOC 501 may encrypt a work session key to be used for image authentication and transmit the encrypted work session key to the camera device 500 . At this time, various methods such as public key or secret key (or private key) method can be applied to encrypt the work phase key. The key used for encryption may be stored in secure storage device 534 in camera device 500 .

安全控制器531可將從ADAS SOC 501接收的密碼傳輸到金鑰共用器532,且金鑰共用器532可通過使用儲存於安全儲存裝置534中的金鑰對密碼進行解碼,以使得可獲得工作階段金鑰。解碼的工作階段金鑰可傳輸到標記產生器533,且安全控制器531可將圖像傳輸到標記產生器533。圖12中繪示的標記產生器533可對應於圖11中繪示的MAC發動機。The security controller 531 can transmit the password received from the ADAS SOC 501 to the keycombiner 532, and the keycombiner 532 can decode the password by using the key stored in the secure storage device 534 so that the work can be obtained Stage key. The decoded session key may be transmitted to the indicia generator 533, and the security controller 531 may transmit the image to the indicia generator 533. The signature generator 533 depicted in FIG. 12 may correspond to the MAC engine depicted in FIG. 11 .

標記產生器533可通過使用工作階段金鑰和圖像資料產生MAC,且可將MAC傳輸到封包格式編碼器520。封包格式編碼器520可將MAC傳輸到ADAS SOC 501以及包含圖像的封包的頭部或尾端。在接收對應封包之後,ADAS SOC 501可以與攝像頭裝置500相同的方式通過使用工作階段金鑰來產生MAC,將產生的MAC與包含於封包中的MAC進行比較,確定在MAC值彼此相等時圖像為經過授權的圖像,以及執行後續操作。The token generator 533 can generate a MAC by using the session key and image data, and can transmit the MAC to the packet format encoder 520 . The packet format encoder 520 may transmit the MAC to the ADAS SOC 501 and either the head or tail of the packet containing the image. After receiving the corresponding packet, the ADAS SOC 501 can generate a MAC by using the session key in the same manner as the camera device 500, compare the generated MAC with the MAC contained in the packet, and determine when the MAC values are equal to each other in the image for authorized images, and follow-up actions.

根據圖11和12中所繪示的實施例,因為在ADAS SOC 501與攝像頭裝置500之間執行根據上述實施例的認證過程,且認證為經過授權的裝置的攝像頭裝置500產生用於防止偽造或篡改圖像資料的標記並將產生的標記提供到ADAS SOC 501,所以可在將圖像資料提供到ADAS SOC 501的過程中防止偽造或篡改圖像資料,由此減小資料竄改風險和基於篡改的資料執行分析。According to the embodiments illustrated in FIGS. 11 and 12 , since the authentication process according to the above-described embodiment is performed between the ADAS SOC 501 and the camera device 500 , and the camera device 500 authenticated as an authorized device is generated for preventing counterfeiting or Tampering of the indicia of the image material and providing the resulting indicia to the ADAS SOC 501, thus preventing forgery or tampering of the image material in the process of providing the image material to the ADAS SOC 501, thereby reducing the risk of material tampering and tampering based analysis of the data.

圖13和圖14為繪示通過使用圖像的部分區域來執行圖像認證的實例的視圖。13 and 14 are views illustrating an example of performing image authentication by using a partial area of an image.

參考圖13和圖14,攝像頭裝置600可選擇性地使用關於僅某一圖像(例如,幀圖像)的部分區域的資料供用於產生MAC。舉例來說,攝像頭裝置600可通過使用圖像的部分區域的資料和工作階段金鑰來產生MAC,且隨後將產生的MAC傳輸到封包格式編碼器620。Referring to FIGS. 13 and 14 , the camera device 600 may selectively use data about only a partial area of a certain image (eg, a frame image) for generating the MAC. For example, the camera device 600 may generate a MAC by using the data of the partial region of the image and the session key, and then transmit the generated MAC to the packet format encoder 620 .

在攝像頭裝置600用於汽車產品的實例中,傳輸大量圖像資料和即時處理所傳輸的圖像資料有其必要性。此時,由於待處理的圖像資料的量較大,為了防止性能降低或為了減小硬體成本,可通過僅使用確定在任意位置中的區域的圖像資料或資料中為重要的(例如,與自動駕駛系統的決策過程更相關的)資料來執行圖像認證。In the case where the camera device 600 is used in an automobile product, it is necessary to transmit a large amount of image data and to process the transmitted image data in real time. At this time, since the amount of image data to be processed is large, in order to prevent performance degradation or to reduce hardware cost, it is possible to use only image data or data that are important in areas determined in arbitrary positions (eg , more relevant to the decision-making process of autonomous driving systems) data to perform image authentication.

可通過各種方法來選擇用於產生MAC的區域。舉例來說,關於圖像中將應用MAC的區域的資訊(例如區域資訊)可以固定格式先前儲存於攝像頭裝置600或ADAS SOC 601中,且某一位置中的區域可根據先前儲存的資訊用於MAC操作。或者,ADAS SOC 601可對圖像中將應用MAC的區域資訊Info_reg_EN進行加密且將加密的區域資訊Info_reg_EN傳輸到攝像頭裝置600。攝像頭裝置600可通過使用對應於所接收的區域資訊的圖像的區域產生MAC。在應用ADAS SOC 601對區域資訊進行加密且傳輸加密的區域資訊的方法時,可應用每次啟動或每一先前設定週期傳輸表示圖像的另一位置的區域資訊的方法。根據當前實施例,可在完成ADAS SOC 601與攝像頭裝置600之間的認證之後執行在下文中所描述的操作。The region used to generate the MAC can be selected by various methods. For example, information about the area in the image to which the MAC will be applied (eg, area information) may be previously stored in the camera device 600 or ADAS SOC 601 in a fixed format, and the area in a certain location may be used for MAC operation. Alternatively, the ADAS SOC 601 may encrypt the area information Info_reg_EN to which the MAC is applied in the image and transmit the encrypted area information Info_reg_EN to the camera device 600 . The camera device 600 may generate the MAC by using the area of the image corresponding to the received area information. When applying the method in which the ADAS SOC 601 encrypts the area information and transmits the encrypted area information, the method of transmitting the area information representing another position of the image per startup or every previously set period may be applied. According to the current embodiment, the operations described below may be performed after the authentication between the ADAS SOC 601 and the camera device 600 is completed.

ADAS SOC 601可對待用於圖像認證的工作階段金鑰進行加密,且將加密的工作階段金鑰傳輸到攝像頭裝置600。如在上述實施例中,用於傳輸工作階段金鑰的加密方法可為公共金鑰方法或秘密金鑰方法,且用於加密的金鑰可儲存於安全儲存裝置634中。The ADAS SOC 601 may encrypt the session key to be used for image authentication, and transmit the encrypted session key to the camera device 600 . As in the above-mentioned embodiment, the encryption method used to transmit the session key may be a public key method or a secret key method, and the key used for encryption may be stored in the secure storage device 634 .

安全控制器631可將從ADAS SOC 601接收的密碼傳輸到金鑰共用器632。金鑰共用器632可通過使用儲存於安全儲存裝置634中的金鑰來對密碼進行解碼。解碼的工作階段金鑰可傳輸到標記產生器633。另外,基於存在於攝像頭裝置600中的區域資訊或從ADAS SOC 601提供的區域資訊,可選擇將應用MAC的圖像的區域,且區域資訊可儲存於安全控制器631中。另外,安全控制器631可通過使用區域資訊Info_reg來將待應用MAC的圖像的部分區域傳輸到標記產生器633。The security controller 631 may transmit the password received from the ADAS SOC 601 to the key sharer 632 . The key sharer 632 can decode the password by using the key stored in the secure storage device 634 . The decoded session key may be transmitted to the token generator 633. In addition, based on the area information existing in the camera device 600 or the area information provided from the ADAS SOC 601 , the area of the image to which the MAC will be applied may be selected, and the area information may be stored in the security controller 631 . In addition, the security controller 631 may transmit the partial area of the image to which the MAC is to be applied to the flag generator 633 by using the area information Info_reg.

標記產生器633可通過使用工作階段金鑰和圖像的部分區域的資料來產生MAC,且將產生的MAC傳輸到封包格式編碼器620。封包格式編碼器620可將MAC傳輸到ADAS SOC 601以及包含圖像的封包的頭部或尾端。在接收對應封包之後,如在攝像頭裝置600中,ADAS SOC 601可產生MAC,並將產生的MAC與包含於封包中的MAC進行比較。在MAC值彼此相等時,ADAS SOC 601可確定圖像為經過授權的圖像且可執行後續操作。The tag generator 633 may generate a MAC by using the session key and the data of the partial area of the image, and transmit the generated MAC to the packet format encoder 620 . The packet format encoder 620 may transmit the MAC to the ADAS SOC 601 and either the head or tail of the packet containing the image. After receiving the corresponding packet, as in the camera device 600, the ADAS SOC 601 may generate a MAC and compare the generated MAC with the MAC contained in the packet. When the MAC values are equal to each other, the ADAS SOC 601 can determine that the image is an authorized image and can perform subsequent operations.

圖15為繪示通過上述實施例中的攝像頭裝置任意地選擇圖像的部分區域的實例的框圖。舉例來說,攝像頭裝置可改變用於MAC操作的圖像的部分區域的位置,且位置改變可在每一幀執行或可以預定時間間隔執行。或者,每當攝像頭裝置開始(例如,啟動)可執行位置改變。FIG. 15 is a block diagram illustrating an example in which a partial region of an image is arbitrarily selected by the camera device in the above-described embodiment. For example, the camera device may change the position of a portion of the image used for the MAC operation, and the position change may be performed every frame or may be performed at predetermined time intervals. Alternatively, the position change may be performed whenever the camera device starts (eg, starts up).

根據當前實施例,可基於攝像頭裝置600的置信度水準(例如,安全清除率)將MAC應用於由攝像頭裝置600任意地選擇的區域,而非應用於由ADAS SOC 601指定的區域。因此,根據當前實施例,可對攝像頭裝置600精確執行認證過程。另外,由於攝像頭裝置600可選擇MAC應用的區域,因此待用於使用圖像的MAC操作的圖像的區域資訊可被加密且可傳輸到ADAS SOC 601。可在ADAS SOC 601認證攝像頭裝置600之後執行以下操作。According to the current embodiment, the MAC may be applied to an area arbitrarily selected by the camera device 600 , rather than to the area specified by the ADAS SOC 601 , based on the confidence level (eg, safe clearance rate) of the camera device 600 . Therefore, according to the current embodiment, the authentication process can be precisely performed on the camera device 600 . In addition, since the camera device 600 can select the area of the MAC application, the area information of the image to be used for the MAC operation of the image can be encrypted and can be transmitted to the ADAS SOC 601 . The following operations may be performed after the ADAS SOC 601 authenticates the camera device 600 .

ADAS SOC 601根據上述實施例可對待用於圖像認證的工作階段金鑰進行加密,並將加密的工作階段金鑰傳輸到攝像頭裝置600。如上文所描述,公共金鑰或秘密金鑰方法可用於對工作階段金鑰進行加密。用於加密的金鑰可儲存於安全儲存裝置634中。The ADAS SOC 601 may encrypt the work session key to be used for image authentication according to the above-described embodiment, and transmit the encrypted work session key to the camera device 600 . As described above, a public key or secret key approach can be used to encrypt the session key. The keys used for encryption may be stored in secure storage 634 .

安全控制器631可將從ADAS SOC 601接收的密碼傳輸到金鑰共用器632。金鑰共用器632可將解碼的工作階段金鑰傳輸到標記產生器633。另外,安全控制器631可包含用於隨機地選擇待應用於如上述MAC操作的圖像的區域的區域資訊Info_reg。舉例來說,區域資訊Info_reg可由安全控制器631或攝像頭裝置600中的另一元件產生,且可提供到安全控制器631。The security controller 631 may transmit the password received from the ADAS SOC 601 to the key sharer 632 . The key duplexer 632 may transmit the decoded session key to the token generator 633 . In addition, the security controller 631 may include region information Info_reg for randomly selecting regions to be applied to the image for the MAC operation as described above. For example, the regional information Info_reg may be generated by the security controller 631 or another element in the camera device 600 , and may be provided to the security controller 631 .

另外,安全控制器631可通過使用區域資訊Info_reg將待應用MAC的圖像的部分區域傳輸到標記產生器633。標記產生器633可通過使用工作階段金鑰和圖像的部分區域的資料來產生MAC,並將產生的MAC傳輸到封包格式編碼器620。In addition, the security controller 631 may transmit the partial area of the image to which the MAC is to be applied to the marker generator 633 by using the area information Info_reg. The tag generator 633 may generate a MAC by using the session key and the data of the partial area of the image, and transmit the generated MAC to the packet format encoder 620 .

在另一方面,安全控制器631可對上述區域資訊Info_reg進行加密,並將加密的區域資訊Info_reg_EN傳輸到封包格式編碼器620。舉例來說,安全控制器631可通過使用儲存於安全儲存裝置634中的工作階段金鑰的部分位元或先前共用且儲存於安全儲存裝置634中的金鑰來對區域資訊Info_reg進行加密。On the other hand, the security controller 631 can encrypt the above-mentioned area information Info_reg, and transmit the encrypted area information Info_reg_EN to the packet format encoder 620 . For example, the security controller 631 may encrypt the region information Info_reg by using part of the bits of the session key stored in the secure storage device 634 or a key previously shared and stored in the secure storage device 634 .

封包格式編碼器620可將產生的MAC和應用MAC的圖像的區域資訊Info_reg傳輸到ADAS SOC 601以及包含圖像的封包的頭部或尾端。ADAS SOC 601可接收對應封包,對區域資訊Info_reg進行解碼,在由解碼的區域資訊Info_reg所選擇的圖像的部分區域中產生MAC,如攝像頭600,將產生的MAC與包含於封包中的MAC進行比較,確定在MAC值彼此相等時圖像為經過授權的圖像,以及執行後續操作。The packet format encoder 620 may transmit the generated MAC and the region information Info_reg of the image to which the MAC is applied to the ADAS SOC 601 and the head or tail of the packet containing the image. The ADAS SOC 601 can receive the corresponding packet, decode the area information Info_reg, and generate a MAC in the partial area of the image selected by the decoded area information Info_reg, such as the camera 600, and compare the generated MAC with the MAC contained in the packet. Compare, determine that the images are authorized when the MAC values are equal to each other, and perform subsequent operations.

圖16繪示基於上述實施例中的挑戰-回應方法執行圖像認證的實例。舉例來說,可通過應用挑戰-回應方法來將MAC應用於圖像。FIG. 16 shows an example of performing image authentication based on the challenge-response method in the above embodiment. For example, MAC can be applied to images by applying a challenge-response method.

根據當前實施例,可通過使用挑戰-回應方法來執行圖像認證。在產生用於全部圖像的MAC時,可產生額外開銷。在產生用於僅圖像的部分區域的MAC的情況下,在攻擊者獲得待應用MAC的區域的知識時,攻擊者可能試圖偽造或篡改另一區域。在這種情況下,圖像可能易受偽造或篡改攻擊。According to the current embodiment, image authentication may be performed by using a challenge-response method. Additional overhead may be incurred in generating the MAC for all images. In the case of generating a MAC for only a partial area of an image, when an attacker gains knowledge of the area to which the MAC is to be applied, the attacker may attempt to forge or tamper with another area. In this case, the image may be vulnerable to forgery or tampering attacks.

在使用根據當前實施例的挑戰-回應的方法中,ADAS SOC 601可以固定時間間隔更新待應用MAC的任意區域。通過將如MAC的安全特徵不應用到全部圖像而是應用到圖像的部分區域,可防止性能降低且可減小硬體成本,並且待應用MAC的圖像區域由ADAS SOC 601即時改變,以使得可防止圖像由攻擊者偽造或篡改。此時,可加密和傳輸由ADAS SOC 601提供的區域資訊。舉例來說,區域資訊可通過攝像頭裝置600的公共金鑰、通過現有共用金鑰或通過工作階段金鑰來加密。就安全而言,在下文中所描述的操作可在ADAS SOC 601與攝像頭裝置600之間執行認證之後執行。In using the challenge-response method according to the current embodiment, the ADAS SOC 601 may update any area to which the MAC is to be applied at fixed time intervals. By applying a security feature such as MAC not to the whole image but to a partial area of the image, performance degradation can be prevented and hardware cost can be reduced, and the image area to which the MAC is to be applied is instantly changed by the ADAS SOC 601, In order to make it possible to prevent the image from being forged or tampered with by an attacker. At this point, the area information provided by the ADAS SOC 601 can be encrypted and transmitted. For example, the area information can be encrypted by the public key of the camera device 600, by the existing public key, or by the session key. In terms of security, the operations described below may be performed after authentication is performed between the ADAS SOC 601 and the camera device 600 .

ADAS SOC 601可對待用於圖像認證的工作階段金鑰和表示全部圖像中待應用MAC的任意區域的區域資訊Info_reg進行加密,且將加密的工作階段金鑰和區域資訊Info_reg傳輸到攝像頭裝置600。此時使用的加密方法可為公共金鑰或秘密金鑰方法。將用於加密的金鑰儲存於安全儲存裝置634中有其必要性。The ADAS SOC 601 can encrypt the session key to be used for image authentication and the area information Info_reg representing any area in the entire image to which the MAC is to be applied, and transmit the encrypted session key and area information Info_reg to the camera device 600. The encryption method used at this time may be a public key or a secret key method. It is necessary to store the keys used for encryption in secure storage 634 .

安全控制器631可將從ADAS SOC 601接收的密碼傳輸到金鑰共用器632。可將解碼的工作階段金鑰傳輸到標記產生器633。可將圖像的MAC應用區域的區域資訊傳輸到安全控制器631。安全控制器631可將由區域資訊選自全部圖像的部分區域的圖像傳輸到標記產生器633。The security controller 631 may transmit the password received from the ADAS SOC 601 to the key sharer 632 . The decoded session key may be transmitted to the token generator 633 . The area information of the MAC application area of the image may be transmitted to the security controller 631 . The security controller 631 may transmit an image of a partial area selected from the entire image by the area information to the marker generator 633 .

標記產生器633可通過使用工作階段金鑰和圖像資料來產生MAC,且可將產生的MAC傳輸到封包格式編碼器620。封包格式編碼器620可將MAC傳輸到ADAS SOC 601以及封包的頭部或尾端。ADAS SOC 601可儲存提供到攝像頭裝置600其中的區域資訊,接收對應封包,通過使用當前持有的區域資訊來產生如攝像頭裝置600的MAC,將產生的MAC與包含於封包中的MAC進行比較,在MAC值彼此匹配時確定圖像為經過授權的圖像,以及執行後續操作。The token generator 633 may generate a MAC by using the session key and image data, and may transmit the generated MAC to the packet format encoder 620 . The packet format encoder 620 may transmit the MAC to the ADAS SOC 601 and the header or tail of the packet. The ADAS SOC 601 can store the area information provided to the camera device 600, receive the corresponding packet, generate the MAC of the camera device 600 by using the currently held area information, compare the generated MAC with the MAC contained in the packet, The image is determined to be an authorized image when the MAC values match each other, and subsequent operations are performed.

在另一方面,根據一實施例,為了以固定時間間隔改變待應用MAC的圖像的區域的位置,ADAS SOC 601可將區域資訊提供到攝像頭裝置600。舉例來說,ADAS SOC 601可基於上述挑戰-回應以每幀、以每幾幀或以固定時間間隔將區域資訊提供到攝像頭裝置600。舉例來說,ADAS SOC 601可將挑戰-回應提供到攝像頭裝置600,以便改變待執行MAC操作的圖像的區域的位置,且攝像頭裝置600可使用以幀計或以週期計的另一位置中的區域的圖像資料來執行MAC產生操作。On the other hand, according to an embodiment, in order to change the position of the region of the image to which the MAC is to be applied at fixed time intervals, the ADAS SOC 601 may provide region information to the camera device 600 . For example, the ADAS SOC 601 may provide the area information to the camera device 600 every frame, every few frames, or at fixed time intervals based on the challenge-response described above. For example, ADAS SOC 601 may provide a challenge-response to camera device 600 to change the location of the area of the image where the MAC operation is to be performed, and camera device 600 may use another location in frames or cycles The image data of the region to perform the MAC generation operation.

圖17A和圖17B為繪示根據圖像認證中產生區域資訊的主題的實例處理流程的視圖。在圖17A中,繪示作為圖像接收器的ADAS SOC產生區域資訊的實例。在圖17B中,繪示作為圖像發射機的攝像頭裝置產生區域資訊的實例。17A and 17B are diagrams illustrating an example process flow according to the subject of generating area information in image authentication. In FIG. 17A, an example of generating area information by an ADAS SOC as an image receiver is shown. In FIG. 17B , an example of generating area information by a camera device as an image transmitter is shown.

參考圖17A,認證可在ADAS SOC與攝像頭裝置(例如互補型金屬氧化物半導體(complementary metal-oxide-semiconductor;CMOS)圖像感測器)之間執行,且金鑰交換可在ADAS SOC與攝像頭裝置(CIS)之間執行。另外,ADAS SOC將區域資訊提供到攝像頭裝置(CIS),且攝像頭裝置(CIS)可將包含MAC的圖像提供到ADAS SOC。Referring to Figure 17A, authentication can be performed between the ADAS SOC and a camera device (eg, a complementary metal-oxide-semiconductor (CMOS) image sensor), and a key exchange can be performed between the ADAS SOC and the camera between devices (CIS). Additionally, the ADAS SOC provides the area information to the camera device (CIS), and the camera device (CIS) can provide the image containing the MAC to the ADAS SOC.

在另一方面,參考圖17B,認證在ADAS SOC與攝像頭裝置(例如,互補型金屬氧化物半導體(CMOS)圖像感測器)之間執行,且金鑰交換可在ADAS SOC與攝像頭裝置(CIS)之間執行。另外,ADAS SOC將區域資訊提供到攝像頭裝置(CIS),且攝像頭裝置(CIS)可將包含MAC的圖像提供到ADAS SOC。17B, authentication is performed between the ADAS SOC and the camera device (eg, a complementary metal oxide semiconductor (CMOS) image sensor), and the key exchange may be performed between the ADAS SOC and the camera device ( CIS). Additionally, the ADAS SOC provides the area information to the camera device (CIS), and the camera device (CIS) can provide the image containing the MAC to the ADAS SOC.

圖18為繪示根據可修改實施例的圖像處理系統700的框圖。FIG. 18 is a block diagram illustrating an image processing system 700 according to a modifiable embodiment.

參考圖18,圖像處理系統700可包含作為圖像傳輸裝置的攝像頭裝置710,且可包含作為圖像處理裝置的ADAS SOC 720。另外,攝像頭裝置710可包含用於執行上述實施例中的裝置認證和圖像認證的安全處理的安全電路711。另外,ADAS SOC 720可包含安全處理模組721、圖像處理器722以及AI操作器723。安全處理模組721可包含圖像區域選擇器721_1和區域資訊控制器721_2。儘管圖18中未繪示,但用於執行上述實施例中的各種功能的元件可進一步在攝像頭裝置710和ADAS SOC 720中的每一個中提供。舉例來說,安全處理模組721可更包含各種元件,所述各種元件包含用於裝置認證的元件、用於標記產生和比較的元件以及用於加密/解碼處理的元件。Referring to FIG. 18, an image processing system 700 may include a camera device 710 as an image transmission device, and may include an ADAS SOC 720 as an image processing device. In addition, the camera device 710 may include a security circuit 711 for performing the security process of device authentication and image authentication in the above-described embodiments. Additionally, the ADAS SOC 720 may include a security processing module 721 , an image processor 722 and an AI operator 723 . The security processing module 721 may include an image area selector 721_1 and an area information controller 721_2. Although not shown in FIG. 18 , elements for performing the various functions in the above-described embodiments may further be provided in each of the camera device 710 and the ADAS SOC 720 . For example, the secure processing module 721 may further include various elements including elements for device authentication, elements for token generation and comparison, and elements for encryption/decoding processing.

根據當前實施例,上述區域資訊Info_reg可由ADAS SOC 720產生,且產生的區域資訊Info_reg可被加密且傳輸到攝像頭裝置710。另外,ADAS SOC 720可通過週期性地或非週期性地改變區域資訊Info_reg的值來改變由某一圖像所選擇的區域的位置。According to the current embodiment, the above-mentioned area information Info_reg may be generated by the ADAS SOC 720 , and the generated area information Info_reg may be encrypted and transmitted to the camera device 710 . In addition, the ADAS SOC 720 may change the position of a region selected by a certain image by periodically or aperiodically changing the value of the region information Info_reg.

根據實施例,區域資訊Info_reg的值可基於分析當前捕獲的圖像的特徵的結果而改變。區域資訊控制器721_2可產生區域資訊Info_reg,且可基於分析圖像的特徵的結果而改變區域資訊Info_reg的值。為此目的,安全處理模組721可接收來自圖像處理器722的圖像處理結果和來自AI操作器723的圖像分析結果中的至少一個,且區域資訊控制器721_2可基於所接收的結果而改變區域資訊Info_reg的值。According to an embodiment, the value of the region information Info_reg may be changed based on the result of analyzing the characteristics of the currently captured image. The area information controller 721_2 may generate the area information Info_reg, and may change the value of the area information Info_reg based on the result of analyzing the characteristics of the image. For this purpose, the security processing module 721 may receive at least one of an image processing result from the image processor 722 and an image analysis result from the AI operator 723, and the area information controller 721_2 may be based on the received result And change the value of the regional information Info_reg.

舉例來說,當前捕獲的圖像可對應於道路的圖像,某一圖像的部分區域可對應於背景,且剩餘部分區域可對應於道路。此時,在圖像處理系統700對應於自動系統時,可主要使用道路區域的照相狀態,且道路區域的圖像必須未經偽造或篡改。區域資訊控制器721_2可通過使用圖像處理結果來將背景區域與道路區域進行區分,且可改變區域資訊Info_reg的值,以使得可選擇道路區域的資料作為用於圖像認證的區域。舉例來說,區域資訊Info_reg的值可改變,以使得週期性地或非週期性地改變區域資訊Info_reg的值,且可主要使用道路區域的資料。For example, the currently captured image may correspond to an image of a road, a partial area of a certain image may correspond to the background, and the remaining partial area may correspond to a road. At this time, when the image processing system 700 corresponds to an automatic system, the photographing state of the road area may be mainly used, and the image of the road area must not be forged or tampered with. The area information controller 721_2 can distinguish the background area from the road area by using the image processing result, and can change the value of the area information Info_reg so that the data of the road area can be selected as the area for image authentication. For example, the value of the area information Info_reg may be changed such that the value of the area information Info_reg is changed periodically or aperiodically, and the data of the road area may be mainly used.

或者,區域資訊控制器721_2可根據來自AI操作器723的圖像分析結果檢查當前捕獲的圖像上發現的物體,且可通過物體完整地確定當前捕獲的圖像。區域資訊控制器721_2可確定必須絕對不含偽造的臨界區域,且可基於臨界區域改變區域資訊Info_reg的值。舉例來說,可產生區域資訊Info_reg,以使得將與自動駕駛中駕駛行為更相關的物體(例如,道路、街道標牌等)的位置選用於圖像認證。Alternatively, the area information controller 721_2 may check the objects found on the currently captured image according to the image analysis result from the AI operator 723, and may completely determine the currently captured image by the objects. The regional information controller 721_2 can determine that there must be absolutely no forged critical regions, and can change the value of the regional information Info_reg based on the critical regions. For example, the area information Info_reg may be generated so that the locations of objects (eg, roads, street signs, etc.) that are more relevant to driving behavior in autonomous driving are selected for image authentication.

圖19為繪示根據本發明概念的示例性實施例用於圖像認證的安全處理模組實施於自動模組中適於車輛的實例的框圖。圖19中繪示的系統可對應於自動系統800,且自動系統800可包含感測器資訊採集器810、導航資訊採集器820、自動模組830以及中央處理單元(central processing unit;CPU)840。另外,自動模組830可包含神經網路裝置831和安全處理器832。19 is a block diagram illustrating an example of a security processing module for image authentication implemented in an automatic module suitable for a vehicle according to an exemplary embodiment of the present inventive concept. The system shown in FIG. 19 may correspond to the automatic system 800 , and the automatic system 800 may include a sensor information collector 810 , a navigation information collector 820 , an automatic module 830 , and a central processing unit (CPU) 840 . Additionally, the automation module 830 may include a neural network device 831 and a security processor 832 .

神經網路裝置831可使用各種圖像資訊和語音資訊執行神經網路操作,且可基於神經網路操作執行結果而產生如圖像識別結果和語音辨識結果的資訊信號。舉例來說,感測器資訊採集器810可包含能夠採集各種圖像資訊和語音資訊的裝置,如相機或麥克風,且可將各種圖像資訊和語音資訊提供到自動模組830。另外,導航資訊採集器820可將與車輛駕駛相關的各種資訊項(例如位置資訊)提供到自動模組830。神經網路裝置831可通過執行各種神經網路模型通過使用來自感測器資訊採集器810和/或導航資訊採集器820的資訊作為輸入來產生資訊信號。在感測器資訊採集器810包含攝像頭時,根據上述實施例的作為圖像傳輸裝置的攝像頭裝置可應用於攝像頭。The neural network device 831 may perform a neural network operation using various image information and voice information, and may generate information signals such as an image recognition result and a speech recognition result based on the result of performing the neural network operation. For example, the sensor information collector 810 may include a device capable of collecting various image information and voice information, such as a camera or a microphone, and may provide the various image information and voice information to the automatic module 830 . In addition, the navigation information collector 820 may provide various information items (eg, location information) related to vehicle driving to the automatic module 830 . The neural network device 831 may generate information signals by executing various neural network models using information from the sensor information collector 810 and/or the navigation information collector 820 as input. When the sensor information collector 810 includes a camera, the camera device as an image transmission device according to the above-mentioned embodiment can be applied to the camera.

在另一方面,安全處理器832可根據上述實施例執行裝置認證和圖像認證。舉例來說,安全處理器832可基於CPU 840的控制而執行上述認證操作。舉例來說,安全處理器832可使用可提供於感測器資訊採集器810中的各種裝置執行裝置認證,且可使用用於將圖像傳輸在各種裝置中的裝置執行上述實施例中的圖像認證。舉例來說,安全處理器832可通過使用至少圖像的部分區域的安全處理來執行圖像認證,其中裝置傳輸圖像,且可僅將成功地認證的圖像選擇性地提供到神經網路裝置831。On the other hand, the security processor 832 may perform device authentication and image authentication according to the above-described embodiments. For example, the security processor 832 may perform the above-described authentication operation based on the control of the CPU 840 . For example, the security processor 832 may perform device authentication using various devices that may be provided in the sensor information collector 810, and may perform the diagrams in the above-described embodiments using the devices for transmitting images among the various devices Like authentication. For example, the security processor 832 may perform image authentication by using secure processing of at least a partial region of the image, where the device transmits the image, and only images that are successfully authenticated may be selectively provided to the neural network Device 831.

在圖19中,描述本發明概念的實施例應用於自動系統的實例。然而,本公開的實施例可應用於需要如物聯網(Internet of Thing;IoT)和監控攝像頭的攝像頭感測器的安全功能的產品。In FIG. 19, an example in which an embodiment of the inventive concept is applied to an automated system is described. However, the embodiments of the present disclosure may be applied to products requiring security functions such as Internet of Things (IoT) and camera sensors of surveillance cameras.

雖然已經參考本公開的實例實施例繪示及描述本公開,但應理解,可在不脫離所附申請專利範圍的精神和範圍的情況下在其中作出形式和細節的各種改變。While the present disclosure has been shown and described with reference to example embodiments thereof, it will be understood that various changes in form and details may be made therein without departing from the spirit and scope of the appended claims.

10、300A、300B、700‧‧‧圖像處理系統20‧‧‧攝像頭系統100、310A、310B‧‧‧圖像傳輸裝置101‧‧‧攝像頭感測器102‧‧‧認證器103、311A、311B‧‧‧標記產生器104、212_2、312A、312B、721_1‧‧‧圖像區域選擇器110、430、711‧‧‧安全電路200、320A、320B‧‧‧圖像處理裝置230‧‧‧處理器210、832‧‧‧安全處理器211‧‧‧裝置認證器212‧‧‧圖像認證器212_1、321A、321B‧‧‧標記比較器220、410、722‧‧‧影像處理器240、723‧‧‧人工智慧(AI)操作器322B‧‧‧區域資訊產生器400、500、600、710‧‧‧攝像頭裝置401、501、601、720‧‧‧ADAS SOC420、520、620‧‧‧封包格式編碼器331、431、531、631‧‧‧安全控制器432、532、632‧‧‧金鑰共用器433、533、633‧‧‧標記產生器434、534、634‧‧‧安全儲存裝置721‧‧‧安全處理模組721_2‧‧‧區域資訊控制器800‧‧‧自動系統810‧‧‧感測器資訊採集器820‧‧‧導航資訊採集器830‧‧‧自動模組831‧‧‧神經網路裝置840‧‧‧中央處理單元Auth‧‧‧相互認證過程Image‧‧‧圖像Image_p‧‧‧資料Info_reg、Info_reg_EN‧‧‧區域資訊Public Key_CA‧‧‧CA公共金鑰Random Challenge_EN‧‧‧隨機密碼S11、S12、S13、S14、S15、S21、S22、S23、S24、S25、S26‧‧‧操作TAG‧‧‧標記10. 300A, 300B, 700‧‧‧Image processing system 20‧‧‧Camera system 100, 310A, 310B‧‧‧Image transmission device 101‧‧‧Camera sensor 102‧‧‧Authenticator 103, 311A, 311B‧‧‧Mark generator 104, 212_2, 312A, 312B, 721_1‧‧‧Image area selector 110, 430, 711‧‧‧Security circuit 200, 320A, 320B‧‧‧Image processing device 230‧‧‧ Processor 210, 832‧‧‧Security Processor 211‧‧‧Device Authenticator 212‧‧‧Image Authenticator 212_1, 321A, 321B‧‧‧Marking Comparators 220, 410, 722‧‧‧Image Processor 240, 723‧‧‧Artificial Intelligence (AI) Operator 322B‧‧‧Regional Information Generator 400, 500, 600, 710‧‧‧Camera Device 401, 501, 601, 720‧‧‧ADAS SOC420, 520, 620‧‧‧ Packet Format Encoder 331, 431, 531, 631‧‧‧Security Controller 432, 532, 632‧‧‧Key Duplexer 433, 533, 633‧‧‧Mark Generator 434, 534, 634‧‧‧Secure Storage Device 721‧‧‧Security Processing Module 721_2‧‧‧Regional Information Controller 800‧‧‧Automatic System 810‧‧‧Sensor Information Collector 820‧‧‧Navigation Information Collector 830‧‧‧Automatic Module 831‧ ‧‧Neural Network Device 840‧‧‧Central Processing Unit Auth‧‧‧Mutual Authentication Process Image‧‧‧Image Image_p‧‧‧Data Info_reg, Info_reg_EN‧‧‧Regional Information Public Key_CA‧‧‧CA Public Key Random Challenge_EN ‧‧‧Random password S11, S12, S13, S14, S15, S21, S22, S23, S24, S25, S26‧‧‧Operation TAG‧‧‧mark

結合附圖,從以下詳細描述將更清楚地理解以上和/或其它方面。 圖1為繪示根據實例實施例的圖像傳輸裝置和包含圖像傳輸裝置的圖像處理系統的框圖。 圖2為繪示圖1的圖像傳輸裝置的實施實例的框圖。 圖3為繪示圖1的圖像處理裝置的實施實例的框圖。 圖4A和圖4B為繪示根據實例實施例的圖像處理系統的各種操作實例的框圖。 圖5和圖6為繪示根據實例實施例的操作圖像傳輸裝置的方法的流程圖。 圖7、圖8、圖9和圖10為繪示根據實例實施例的攝像頭系統的實施實例的框圖。 圖11和圖12為繪示通過使用MAC操作來執行圖像認證的實例的視圖。 圖13和圖14為繪示通過使用圖像的部分區域來執行圖像認證的實例的視圖。 圖15為繪示通過上述實施例中的攝像頭裝置任意地選擇圖像的部分區域的實例的框圖。 圖16繪示基於上述實施例中的挑戰-回應方法執行圖像認證的實例。 圖17A和圖17B為繪示根據圖像認證中產生區域資訊的主題(main agent)的實例處理流程的視圖。 圖18為繪示根據可修改實施例的圖像處理系統的框圖。 圖19為繪示根據實例實施例的在自動模組中實施安全處理模組的實例的框圖。The above and/or other aspects will be more clearly understood from the following detailed description, taken in conjunction with the accompanying drawings. 1 is a block diagram illustrating an image transmission device and an image processing system including the image transmission device, according to example embodiments. FIG. 2 is a block diagram illustrating an implementation example of the image transmission apparatus of FIG. 1 . FIG. 3 is a block diagram illustrating an implementation example of the image processing apparatus of FIG. 1 . 4A and 4B are block diagrams illustrating various operational examples of an image processing system according to example embodiments. 5 and 6 are flowcharts illustrating a method of operating an image transmission device according to example embodiments. 7, 8, 9, and 10 are block diagrams illustrating implementation examples of camera systems according to example embodiments. 11 and 12 are views illustrating an example of performing image authentication by using a MAC operation. 13 and 14 are views illustrating an example of performing image authentication by using a partial area of an image. FIG. 15 is a block diagram illustrating an example in which a partial region of an image is arbitrarily selected by the camera device in the above-described embodiment. FIG. 16 shows an example of performing image authentication based on the challenge-response method in the above embodiment. 17A and 17B are views illustrating an example processing flow according to a main agent that generates area information in image authentication. 18 is a block diagram illustrating an image processing system according to a modifiable embodiment. 19 is a block diagram illustrating an example of implementing a secure processing module in an automated module, according to an example embodiment.

10‧‧‧圖像處理系統 10‧‧‧Image processing system

100‧‧‧圖像傳輸裝置 100‧‧‧Image Transmission Device

110‧‧‧安全電路 110‧‧‧Safety circuit

200‧‧‧圖像處理裝置 200‧‧‧Image processing device

210‧‧‧安全處理器 210‧‧‧Security Processor

220‧‧‧影像處理器 220‧‧‧Image Processor

Claims (23)

一種圖像傳輸裝置,包括:圖像處理器,被配置成處理待傳輸到外部裝置的圖像;以及安全電路,包含與所述外部裝置共用的工作階段金鑰,所述安全電路被配置成通過使用所述圖像的部分區域的資料以及使用所述工作階段金鑰來產生用於圖像認證的標記,其中所述工作階段金鑰是關聯於用來選擇所述圖像的所述部分區域的區域資訊,其中,所述圖像傳輸裝置被配置成將對應於所述圖像所產生的所述標記與所述圖像的資料一起傳輸到所述外部裝置。 An image transmission device, comprising: an image processor configured to process images to be transmitted to an external device; and a security circuit including a session key shared with the external device, the security circuit configured to A token for image authentication is generated by using the profile of the part area of the image and using the work session key associated with the part used to select the image area information of an area, wherein the image transmission device is configured to transmit the indicia generated corresponding to the image to the external device together with data of the image. 如申請專利範圍第1項所述的圖像傳輸裝置,還包括封包格式編碼器,所述封包格式編碼器被配置成產生包含從所述安全電路提供的所述標記及從所述圖像處理器提供的所述圖像的資料的封包。 The image transmission device of claim 1, further comprising a packet format encoder configured to generate a packet format encoder including the indicia provided from the security circuit and processed from the image A package of data for the image provided by the server. 如申請專利範圍第1項所述的圖像傳輸裝置,其中,所述安全電路進一步被配置成接收經由與所述外部裝置通信而被加密的經加密工作階段金鑰、通過解碼過程獲得所述工作階段金鑰以及通過使用所述工作階段金鑰來產生所述標記。 The image transmission device of claim 1, wherein the security circuit is further configured to receive an encrypted session key encrypted via communication with the external device, obtain the A session key and generating the token by using the session key. 如申請專利範圍第3項所述的圖像傳輸裝置,其中,所述標記為消息認證碼,所述消息認證碼是通過使用所述圖像的所述部分區域的所述資料以及使用所述工作階段金鑰的至少部分位 元所產生的。 The image transmission device according to claim 3, wherein the mark is a message authentication code, and the message authentication code is obtained by using the material of the partial area of the image and using the At least some bits of the session key generated by the element. 如申請專利範圍第1項所述的圖像傳輸裝置,其中,所述安全電路包括:安全控制器,被配置成控制所述安全電路中用於所述圖像認證的操作;金鑰共用器,被配置成對從所述外部裝置提供的加密資訊進行解碼、對接收到的相關於所述圖像認證的經加密工作階段金鑰進行解碼以及獲得用於產生所述標記的所述工作階段金鑰;以及標記產生器,被配置成通過使用所述工作階段金鑰以及使用所述圖像的所述部分區域的所述資料來產生所述標記。 The image transmission apparatus of claim 1, wherein the security circuit comprises: a security controller configured to control operations in the security circuit for the image authentication; a key sharer , configured to decode encrypted information provided from the external device, decode a received encrypted work session key associated with the image authentication, and obtain the work session used to generate the indicia a key; and a marker generator configured to generate the marker by using the session key and using the material of the partial area of the image. 如申請專利範圍第5項所述的圖像傳輸裝置,其中,所述安全電路還包括安全儲存裝置,所述安全儲存裝置被配置成儲存加密金鑰,所述加密金鑰用於由所述金鑰共用器來執行的解碼。 The image transmission device of claim 5, wherein the secure circuit further comprises a secure storage device configured to store an encryption key for use by the Decoding performed by the key sharer. 如申請專利範圍第1項所述的圖像傳輸裝置,其中,所述區域資訊由所述圖像傳輸裝置產生,其中,所述安全電路進一步被配置成對所述產生的區域資訊進行加密以及產生加密的區域資訊,以及其中,所述圖像傳輸裝置進一步將所述加密的區域資訊傳輸到所述外部裝置。 The image transmission device of claim 1, wherein the region information is generated by the image transmission device, wherein the security circuit is further configured to encrypt the generated region information and generating encrypted area information, and wherein the image transmission device further transmits the encrypted area information to the external device. 如申請專利範圍第1項所述的圖像傳輸裝置,其中,所述區域資訊被加密以及由所述外部裝置提供到所述圖像傳輸裝 置,以及其中,所述安全電路進一步被配置成對所述加密的區域資訊進行解碼以及通過使用解碼的區域資訊來選擇所述圖像的所述部分區域。 The image transmission device according to claim 1, wherein the area information is encrypted and provided to the image transmission device by the external device and wherein the security circuit is further configured to decode the encrypted region information and select the partial region of the image by using the decoded region information. 如申請專利範圍第8項所述的圖像傳輸裝置,其中,所述區域資訊在所述圖像傳輸裝置的初始驅動期間由所述外部裝置提供,以及其中,在重啟所述圖像傳輸裝置之前固定地在所述圖像內的特定位置處選擇所述部分區域。 The image transmission device of claim 8, wherein the area information is provided by the external device during initial driving of the image transmission device, and wherein the image transmission device is restarted The partial area was previously fixedly selected at a specific location within the image. 如申請專利範圍第8項所述的圖像傳輸裝置,其中,所述區域資訊以預定時間間隔由所述外部裝置提供,以及其中,在每次所述預定時間間隔中不同地選擇所述圖像內的所述部分區域的位置。 The image transmission device of claim 8, wherein the region information is provided by the external device at predetermined time intervals, and wherein the image is selected differently each time the predetermined time interval The location of the partial area within the image. 如申請專利範圍第1項所述的圖像傳輸裝置,其中,所述安全電路進一步被配置成在執行所述圖像認證之前使用所述外部裝置執行基於挑戰-回應的裝置認證過程,以及在成功地執行裝置認證過程的所述外部裝置上執行所述圖像認證。 The image transmission device of claim 1, wherein the security circuit is further configured to perform a challenge-response based device authentication process using the external device prior to performing the image authentication, and The image authentication is performed on the external device that has successfully performed the device authentication process. 如申請專利範圍第1項所述的圖像傳輸裝置,其中,所述圖像傳輸裝置還包括攝像頭感測器。 The image transmission device according to claim 1, wherein the image transmission device further comprises a camera sensor. 一種操作圖像傳輸裝置的方法,所述方法包括:通過與外部裝置通信獲得待用於圖像認證的工作階段金鑰; 基於表示圖像內的所述部分區域的位置的區域資訊來選擇待傳輸到所述外部裝置的所述圖像的部分區域,其中選擇所述圖像的所述部分區域包括根據先前設定的時間週期基於所述區域資訊而從所述圖像的不同位置處來選擇區域;通過使用所述工作階段金鑰以及所述圖像的所述部分區域的資料來產生對應於所述圖像的標記;以及將包含所述圖像和對應於所述圖像的所述標記的封包傳輸到所述外部裝置。 A method of operating an image transmission device, the method comprising: obtaining a work session key to be used for image authentication by communicating with an external device; The partial area of the image to be transmitted to the external device is selected based on area information representing the location of the partial area within the image, wherein selecting the partial area of the image includes according to a previously set time Periodically select regions from different locations of the image based on the region information; generate a tag corresponding to the image by using the session key and data for the partial region of the image ; and transmitting a packet containing the image and the indicia corresponding to the image to the external device. 如申請專利範圍第13項所述的操作圖像傳輸裝置的方法,還包括使用所述外部裝置執行基於挑戰-回應的裝置認證過程,其中,在成功地執行所述基於挑戰-回應的裝置認證過程時,選擇性地產生用於圖像認證的所述標記。 The method of operating an image transmission device according to claim 13, further comprising performing a challenge-response based device authentication process using the external device, wherein the challenge-response based device authentication is successfully performed after the challenge-response based device authentication is successfully performed. During the process, the indicia for image authentication is selectively generated. 如申請專利範圍第13項所述的操作圖像傳輸裝置的方法,其中,通過對從所述外部裝置接收的經加密工作階段金鑰進行解碼來獲得所述工作階段金鑰。 The method of operating an image transmission device of claim 13, wherein the work session key is obtained by decoding an encrypted work session key received from the external device. 如申請專利範圍第13項所述的操作圖像傳輸裝置的方法,其中,所述區域資訊由所述圖像傳輸裝置來產生,以及其中,通過對所述區域資訊進行加密來獲得的資訊進一步提供於傳輸到所述外部裝置的所述封包中。 The method of operating an image transmission device as described in claim 13, wherein the area information is generated by the image transmission device, and wherein the information obtained by encrypting the area information is further provided in the packet transmitted to the external device. 如申請專利範圍第13項所述的操作圖像傳輸裝置的方法,還包括:從所述外部裝置接收加密的區域資訊;以及 通過對所述加密的區域資訊進行解碼來獲得所述區域資訊。 The method of operating an image transmission device as described in claim 13, further comprising: receiving encrypted region information from the external device; and The area information is obtained by decoding the encrypted area information. 一種從圖像傳輸裝置接收圖像的片上系統,所述片上系統包括:認證器,被配置成通過使用所述圖像傳輸裝置執行裝置認證過程來檢查所述圖像傳輸裝置是否是經過授權的裝置;以及圖像處理器,被配置成:從所述圖像傳輸裝置接收所述圖像以及對應於所述圖像的第一標記,通過使用所述圖像的部分區域的資料以及基於選擇所述圖像的所述部分區域的區域資訊的工作階段金鑰來計算第二標記,以及通過將所述第一標記與所述第二標記進行比較來執行圖像認證。 A system on a chip that receives an image from an image transmission device, the system on a chip comprising: an authenticator configured to check whether the image transmission device is authorized by performing a device authentication process using the image transmission device an apparatus; and an image processor configured to: receive the image and a first indicia corresponding to the image from the image transmission apparatus, by using profiles of portions of the image and based on selections A second signature is calculated using the session key of the area information of the partial area of the image, and image authentication is performed by comparing the first signature with the second signature. 如申請專利範圍第18項所述的從圖像傳輸裝置接收圖像的片上系統,其中,所述認證器進一步被配置成通過使用所述圖像傳輸裝置的會話過程與所述圖像傳輸裝置共用所述工作階段金鑰,以及其中,所述圖像處理器進一步被配置成基於具有相同值的所述第一標記以及所述第二標記來確定所述圖像未偽造或篡改。 The system-on-a-chip for receiving an image from an image transmission device as described in claim 18, wherein the authenticator is further configured to communicate with the image transmission device through a session process using the image transmission device the session key is shared, and wherein the image processor is further configured to determine that the image is not forged or tampered with based on the first indicia and the second indicia having the same value. 如申請專利範圍第18項所述的從圖像傳輸裝置接收圖 像的片上系統,其中,所述圖像處理器進一步被配置成從所述圖像傳輸裝置接收對應於所述圖像的所述區域資訊以及通過使用所述接收的區域資訊選擇所述圖像的所述部分區域。 Receiving a picture from an image transmission device as described in claim 18 A system-on-a-chip image, wherein the image processor is further configured to receive the region information corresponding to the image from the image transmission device and to select the image by using the received region information the part of the area. 如申請專利範圍第18項所述的從圖像傳輸裝置接收圖像的片上系統,其中,所述區域資訊由所述片上系統產生、加密以及傳輸到所述圖像傳輸裝置,以使得所述圖像傳輸裝置通過使用所述圖像的所述部分區域的資料來產生所述第一標記。 The system-on-chip for receiving an image from an image transmission device as described in claim 18, wherein the region information is generated by the system-on-chip, encrypted and transmitted to the image transmission device so that the The image transmission device generates the first mark by using the data of the partial area of the image. 如申請專利範圍第21項所述的從圖像傳輸裝置接收圖像的片上系統,其中,為了改變根據預定時間週期選自所述圖像的所述部分區域的位置,傳輸到所述圖像傳輸裝置的區域資訊值根據所述預定時間週期改變。 The system-on-a-chip for receiving an image from an image transmission device according to claim 21, wherein in order to change the position of the partial region of the image selected according to a predetermined time period, the image is transmitted to the image The area information value of the transmission device is changed according to the predetermined time period. 如申請專利範圍第18項所述的從圖像傳輸裝置接收圖像的片上系統,還包括通過使用自動系統的認證圖像來執行人工智慧操作的人工智慧操作器。 The system-on-a-chip for receiving an image from an image transmission device as described in claim 18, further comprising an artificial intelligence manipulator that performs an artificial intelligence operation by using the authenticated image of the automatic system.
TW107134149A 2017-09-28 2018-09-27 Image transmitting device, a method of operating an image transmitting device and a system on chip TWI767064B (en)

Applications Claiming Priority (6)

Application Number Priority Date Filing Date Title
KR10-2017-0126348 2017-09-28
??10-2017-0126348 2017-09-28
KR20170126348 2017-09-28
??10-2018-0092047 2018-08-07
KR1020180092047A KR102523416B1 (en) 2017-09-28 2018-08-07 Security Device providing Security function for image, Camera Device having the same and System on Chip controlling Camera Device
KR10-2018-0092047 2018-08-07

Publications (2)

Publication Number Publication Date
TW201916630A TW201916630A (en) 2019-04-16
TWI767064B true TWI767064B (en) 2022-06-11

Family

ID=66104044

Family Applications (1)

Application Number Title Priority Date Filing Date
TW107134149A TWI767064B (en) 2017-09-28 2018-09-27 Image transmitting device, a method of operating an image transmitting device and a system on chip

Country Status (2)

Country Link
KR (1) KR102523416B1 (en)
TW (1) TWI767064B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI734729B (en) * 2017-01-19 2021-08-01 香港商阿里巴巴集團服務有限公司 Method and device for realizing electronic signature and signature server

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5898779A (en) * 1997-04-14 1999-04-27 Eastman Kodak Company Photograhic system with selected area image authentication
TW201330571A (en) * 2011-10-08 2013-07-16 Broadcom Corp Social network device communication resource allocation

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7558961B2 (en) * 2005-04-21 2009-07-07 Xerox Corporation Systems and methods for embedding messages in look-up tables
US8208633B2 (en) * 2008-11-24 2012-06-26 Pitney Bowes Inc. Method and system for securing communications in a metering device
JP5538792B2 (en) * 2009-09-24 2014-07-02 キヤノン株式会社 Image processing apparatus, control method thereof, and program
KR20130126800A (en) * 2012-04-23 2013-11-21 한국전자통신연구원 Method of image processing for a privacy protection of a captured image and apparatus for the same
KR101737520B1 (en) * 2015-04-30 2017-05-18 성균관대학교산학협력단 Vehicle accident information transmission method and apparatus and vehicle accident information collection method and apparatus based on interaction between apparatuses
JP6217728B2 (en) * 2015-10-19 2017-10-25 トヨタ自動車株式会社 Vehicle system and authentication method

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5898779A (en) * 1997-04-14 1999-04-27 Eastman Kodak Company Photograhic system with selected area image authentication
TW201330571A (en) * 2011-10-08 2013-07-16 Broadcom Corp Social network device communication resource allocation

Also Published As

Publication number Publication date
TW201916630A (en) 2019-04-16
KR102523416B1 (en) 2023-04-19
KR20190037088A (en) 2019-04-05

Similar Documents

Publication Publication Date Title
CN109587518B (en) Image transmission apparatus, method of operating the same, and system on chip
CN109076078B (en) Method for establishing and updating a key for secure on-board network communication
US10382419B2 (en) Communication device, LSI, program, and communication system
JP7229647B2 (en) SIGNAL PROCESSING APPARATUS AND METHOD, AND PROGRAM
EP3435592B1 (en) Fingerprint data processing method and processing apparatus
JP6167990B2 (en) Signature verification system, verification device, and signature verification method
KR102485857B1 (en) Authenticating a networked camera using a certificate having device binding information
US20170353315A1 (en) Secure electronic entity, electronic apparatus and method for verifying the integrity of data stored in such a secure electronic entity
CN116232593B (en) Multi-password module sensitive data classification and protection method, equipment and system
CN110838919B (en) Communication method, storage method, operation method and device
US20200145220A1 (en) Verification system, verification method and non-transitory computer readable storage medium
CN113115309B (en) Data processing method and device for Internet of vehicles, storage medium and electronic equipment
TWI767064B (en) Image transmitting device, a method of operating an image transmitting device and a system on chip
CN110445774B (en) Security protection method, device and equipment for IoT (Internet of things) equipment
CN104883260B (en) Certificate information processing and verification method, processing terminal and authentication server
KR102415628B1 (en) Method and apparatus for authenticating drone using dim
CN111444496A (en) Application control method, device, equipment and storage medium
CN113261255B (en) Device authentication by quarantine and verification
KR20150109202A (en) Method and system for authenticating communication data of vehicle
US20220050605A1 (en) Remote enforcement of device memory
US20090150670A1 (en) Communication node authentication system and method, and communication node authentication program
KR101534792B1 (en) Method and server for enhancing security when authentication key is transferred, and computer-readable recording media using the same
TW201446067A (en) Systems, methods and apparatuses for ensuring proximity of communication device
CN115001749B (en) Equipment authorization method, device, equipment and medium
CN116248280B (en) Anti-theft method for security module without key issue, security module and device