CN1161997C - Apparatus and method for securing captured data transmitted between two sources - Google Patents
Apparatus and method for securing captured data transmitted between two sources Download PDFInfo
- Publication number
- CN1161997C CN1161997C CNB971816069A CN97181606A CN1161997C CN 1161997 C CN1161997 C CN 1161997C CN B971816069 A CNB971816069 A CN B971816069A CN 97181606 A CN97181606 A CN 97181606A CN 1161997 C CN1161997 C CN 1161997C
- Authority
- CN
- China
- Prior art keywords
- swimming
- distance
- hashed value
- data folder
- folder
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Images
Landscapes
- Storage Device Security (AREA)
Abstract
The present invention relates to a safety datum capturing device (which is preferably achieved in a video camera) which is used for protecting a captured datum folder from interpolation before detection. The operation of 'temporal classification' and/or 'sequence array' is executed by the safety datum capturing device through respectively storing two registers of a 'galaxy state '('SOTU') number and a sequence number so as to maintain datum integrity. The temporal classification is completed in the following method: before a numeral mark is processed by 'time marking', the running hashing (320) of the datum folder which is signified to be attached to the SOTU number is performed by numeral marking (310). The sequence array is completed in the following method: a datum frame or abstracts of a plurality of datum frames are performed by the numeral marking along the sequence number.
Description
Background of invention
The present invention relates to be used for data security personnel's apparatus and method.More specifically, the present invention relates to such semiconductor device, it prevents that the data of being caught by acquisition equipment from being changed unknownly, and it is provided for keeping the mechanism of data integrity.
Technical field
The equipment that transmits along with PC (" PC "), network and other number of support digital data becomes more general, and the importance of data fail safe increases severely.Reliable for data fail safe height, just must guarantee that the data of transmitting are " really " between two sources.A kind of limited technology that is used for the protected data integrality is by access control (being User Recognition and mandate).Now, the current effort of doing is to utilize a kind of being referred to as " biometry " access control technology, its uses and to be used for equipment fail safe () acquisition equipment for example: building, room or the like basically.Biologicall test learns a skill and generally includes the feature (for example: fingerprint, iris, retina or the like) that digitally scans the user, with catch this feature at least one or more heterogeneous like a plurality of Frames (be commonly referred to as and be " data folder "), and relatively with the data folder of catching and previously stored original.If catch those characteristic matching of the master mold of some feature of data folder and storage, then this user is identified and is authorized to.
In recent years, it is so ripe that electronic technology becomes so that as the change of the data folder of in feature film at present, by some special effect proof, digitally catching become and more be difficult to detection.The result, utilize the security system (after this being called " biosystem " individually) of biometry to be considered to now be limited by and catch distorting of data folder (data clip), if this biosystem is physically connected to system or component is handled or data folder is not caught in storage.Its reason is that communication port will most likely open to the public, this just makes the hacker that such chance is arranged: the data folder (i) of catching is substituted the data folder of original record, (ii) transmit in real time from another position or (iii) with other non-existent image or characteristics combination.
Aspect the effort of protected data integrality, a kind of being called " time mark " technology of (time stamp) be developed recently, and be provided to commercial by the Surety technology company of newly translating western state Chatham.As shown in Figure 1, come an example of deadline mark by the user by being stored in encryption security personnel hash (hash) algorithm 120 in the local source 100 (for example :) deal with data group 110 (being data flow) by " MD5 " algorithm of the RSA data security company exploitation in Jia Nifuniya Redwood city.This just causes numerical data combination 110 to be mapped to obviously from its virtually any size diminishing, fixed dimension, and is so-called for there not being " digest " 130 of the information content.
Typically, digest 130 is transmitted (preferably electronization ground) to by the central source 150 of dotted line 140 expressions and make up by as directed " binary tree " mode by hash and with some other digests 160 of homology never later on, therefore, produce many " middle digests " 170, produced synthetic digest 180 at last.Next, synthetic digest 180 is by open (for example: be printed on the publication, it is active to be distributed to institute, be stored in and put in the telecommunications databases, or the like) widely, existed before synthetic digest 180 is open at least to establish this data set 110., current being not used in " chronological classification " be the mechanism of digest 130 (time-bracketing), after guaranteeing that data set 110 is present in specific time point before open.It is useful that the timing classification of the data folder of catching is emitted for the puppet of the data folder that prevents from before to have caught.And, also be not used in the mechanism of the Frame of fixing " sequence arrangement " data folder, be changed the order of appearance with the order that prevents Frame, with reach occur some sequence of incident appearred.
Summary of the invention
Based on top description, clearly need in acquisition equipment, adopt security personnel's data catching function, this acquisition equipment prevents that the data folder of catching just is not changed after testing.In addition; integrality for further protected data folder; this security personnel's data catching function preferably includes " chronological classification " mechanism; its calculates and sets up the time cycle that data folder must be caught by acquisition equipment; and selectively comprising " sequence arrangement " mechanism, it guarantees that a plurality of Frames appear at the order in the data folder.
According to a kind of semiconductor device of the present invention, comprise
Sensing device is used to catch data folder; With
Encryption device is connected to described sensing device, is used to protect the integrality of described data folder, and described encryption device comprises:
Storage device is used to store unique key to, distance of swimming hashed value and state value,
Processor device is used for described data folder executable operations, with establish this data folder be described state value openly after and described distance of swimming hashed value is being carried out time mark operation before be hunted down and
Bus unit makes described processor device and described storage communication, and described bus unit is connected to described processor device and described storage device.
According to a kind of semiconductor device of the present invention, comprising:
Be used to catch the sensing device of data folder; With
An encrypted circuit, it is connected to described sensing device, and described encrypted circuit comprises:
A plurality of memory cell, can comprise a state value and a distance of swimming hashed value, this distance of swimming hashed value is the hash result with the described data folder of described state value combination, before described transducer is used to catch described data folder, described state value is loaded into one of them unit of described a plurality of memory cell
A processor, it can (i) executable operations on described data folder produce described hashed value, (ii) digitally indicate described distance of swimming hashed value and (iii) export described distance of swimming hashed value, be used for time-marking operation and
A bus is connected to described a plurality of memory cell and described processor, and this bus makes described processor be communicated with described a plurality of memory cell.
According to the method for the integrality of a kind of data folder that keeps second source that is emitted to from first source according to the present invention, the method comprising the steps of:
A state value is loaded into a galaxy state (SOTU) memory cell;
Catch first Frame of described data folder;
Produce the first continuous Frame by at least described first Frame being carried out hash;
The described first continuous Frame is added to distance of swimming hashed value;
Described state value is added to described distance of swimming hashed value;
Digitally indicate described distance of swimming hashed value; With
To described distance of swimming hashed value time of implementation-marking operation.
According to a kind of semiconductor device of the present invention, comprising:
A transducer is used to catch data folder; With
An encrypted circuit is connected to this transducer, and described encrypted circuit comprises:
A plurality of memory cell, the state value that it can comprise a distance of swimming hashed value and load before catching this data folder,
A processor is connected to described a plurality of memory cell, described processor can the time described data folder executable operations, with establish described data folder be this state value openly after and captive before described distance of swimming hashed value is exported from encrypted circuit.
According to a kind of encrypted circuit of the present invention, comprising:
A plurality of memory cell comprise a distance of swimming hashed value and prior to catching the state value that a data folder loads; With
Processor is connected to described a plurality of memory cell, and described processor is to described data folder executable operations, with establish this data folder be this state value openly after and comprising the information disclosure of a distance of swimming hashed value before captive.
According to a kind of method that is used to keep be transmitted the integrality of data of the present invention, described method comprises step:
Obtain a state value from a remote source;
Catch first Frame;
Produce the hash result of described first Frame;
Produce a distance of swimming hashed value according to hash result and a state value; With
To described distance of swimming hashed value time of implementation-marking operation.
Description of drawings
From following detailed description of the present invention, it is clearer that the features and advantages of the present invention will become.
Fig. 1 is a target flow chart when producing synthetic digest conventional.
Fig. 2 is the block diagram of embodiment of the computer system of the acquisition equipment work in combination that adopts in the data catching function with security personnel.
Fig. 3 is the block diagram by the cryptographic operation finished of security personnel's data catching function.
Fig. 4 is the block diagram of an embodiment of security personnel's data catching function.
Fig. 5 is a flow chart, and it has shown in order to protect those treatment steps that the integrality of catching data folder is passed through regularly and sequence arrangement is carried out by security personnel's data catching function.
Fig. 6 is a regularly flow chart, and it has shown data folder is how to be timed between two time points.
Embodiment
The present invention relates to a kind of security personnel's data catching function that preferably in acquisition equipment, adopts with and corresponding method of operation.In the following description, some term is used to discuss some known encryption function.For example, data folder is to be the required information that is digitized as binary data of display video, audio frequency and text.This information comprises a Frame at least." key " is coding and/or decoding parametric, used by conventional cryptographic algorithm; That is: public key encryption algorithm Rivest for example, predetermined data cryptographic algorithm (" DEA ") or the like in Shamir and Adleman (" RSA "), symmetric key encryption algorithm such as the data encryption standard (" DES ")." certificate " is defined as and any digital information (typically being a Public key) that entity is relevant, encrypt with private key, this private key is grasped such as manufacturer or the extensive disclosed letter mechanism (for example: bank, government department, Finance House Association or the like) of putting by another entity." digital signature " is similar to certificate, but is used for authentication data, rather than its sender.
Referring now to Fig. 2,, wherein illustrate adopted the present invention and with the illustrative embodiment of the operation associated acquisition equipment 215 of computer system 200.This computer system 200 comprises the demonstration display monitor central monitoring system 205 with the PC platform that includes memory, processing hardware etc.Acquisition equipment 215 (for example video camera, digital camera or the like) separates with demonstration display monitor central monitoring system 205, and it can put into the shell that shows display monitor central monitoring system 205, or as shown in the figure it is installed in above the demonstration display monitor central monitoring system 205.When acquisition equipment 215 was caught the data folder (for example, computer user 220 physical features) of desired data, it arrived the PC platform by order wire 225 with the transfer of data that captures.Order wire 225 can be depicted as a cable electricity or optical fiber, wireless communication link or analog.
Because order wire 225 is that the public is accessible, this has assisted the integrality of the data folder of being caught with regard to prestige, has just adopted security personnel's data catching function 230 in acquisition equipment 215.This security personnel's data catching function 230 is caught data folder, and carries out numeral flag by Frame or the whole data folder that each is caught according to the method that this enforcement entity adopts, and the data folder of being caught is transferred to PC platform 210 safely.
, should expect existing other embodiment of the acquisition equipment that adopts security personnel's data catching function.For example, acquisition equipment can comprise the storage inside ability.Under the sort of situation, security personnel's data catching function 230 indicated data folder before storage, and do not need order wire 225 to set up and being electrically connected of computer system.Certainly, what should be thought of is that acquisition equipment can be a kind of audio recording device, be similar to security personnel's data catching function of Fig. 4 (following), it carries out digitlization to the audio frequency folder of numeral flag, rather than at the visual image that describes below.The spirit and scope of the present invention remain on the realization away from the security personnel's data catching function in first source in second source, and the purpose of its effort is to protect the integrality of transfer of data between the two.
As mentioned above, digital signature is used for the above embodiments, with the integrality of protection from the next data folder content of acquisition equipment transmission, and confirmation computer user's identity, and do not need to revise data folder with there is no need.As shown in Figure 3, numeral 310 produces from data folder 315, obtain by first source 300 (for example acquisition equipment 215 of Fig. 2), selectively with shown in additional information 335 combinations, finish arithmetic " hash " operation by the security personnel of the encryption in first source 300 hashing algorithm 320.This just makes data folder 315 be mapped to obviously little size from its arbitrary dimension (typical sizes), is commonly referred to " digest " 330.The reverse engineering of digest 330 on the time mode is practically impossible.Therefore, the private key " PRK1 " 340 of these digest 330 usefulness security personnel data catching function 230 is encrypted.Numeral 310 is accompanied by enciphered data 325, public's key (" PUK2 ") 355 that this enciphered data may be used second source 350 is by rsa encryption or use DES by the symmetric key encryption of generally acknowledging, although it is unwanted encrypting, because it is transferred to second source 350 (for example PC platform, memory or any other can receive the device of data).
If necessary, second source 350 uses its private key " PRK2 " 360 (or the DES key of generally acknowledging) that data 325 are decrypted, and the data that receive are carried out Hash operation, preferably also has additional information 335, this operation is identical with the Hash operation of carrying out in first source 300, to produce second digest 370.Simultaneously, second source 350 also uses public's key " PUK1 " 345 of security personnel's data catching function to come decrypted digital signature 310, to obtain the digest of digital signature 310." PUK1 " 345 can be provided by first source by transmission certificate (for example producer's certificate), and this is a known technology of the prior art.Digest 330 and 370 relatively, and if they are identical, just can guarantee the integrality of data and sender's mandate.
Referring to Fig. 4, it has shown an embodiment of security personnel's data catching functions 230.Security personnel's data catching function 230 comprises data capture circuitry 235 and encrypted circuit 240, and both preferably are integrated in the integrated circuit bag, to reduce the weakness that physics is altered.Data capture circuitry 235 is transducers of a routine, such as charge coupled device " CCD " (standard transducer that uses in the video camera), by the video sensor based on DRAM of the VLSI Vision Co., Ltd of Edinburg, Scotland exploitation, or any other similar techniques.On the whole, Video Capture circuit 235 comprises pixel capture array 400 and the control logic 405 that is used to control pixel capture array 400.
For the purpose of authorizing, nonvolatile memory 415 is also stored the unique public/private key relevant with security personnel data catching function 230 and certificate of manufacturer 440 to 340 and 345.This unique public/private key allows the data folder of catching to be encrypted before being positioned at another processor in second source or storage device and/or carried out numeral flag within security personnel's data catching function 230 being transferred to far-end from processing unit 410 to 340 and 345 storage inside.In addition, this the unique public/private key is to 240,245 and the certificate 440 of manufacturer allow far end systems (for example PC platform) to discern acquisition equipment uniquely, and authorize its candidate/response protocol, and set up " dialogue " key of symmetry if necessary, to support " symmetric key encryption ", to reduce the stand-by period of encryption and decryption data.As a result, just can not between the communication port between these sources, overlap eavesdropping and the folder of alternative precedence record or the data folder that change is caught, and do not detected by second source.
Preferably CS memory cell 420 and FS memory cell 421 are 32 bit register, and it collects the sequence number of ground storage 64 bits, and this sequence number increases in the back of catching of Frame at every turn.Therefore, this 64 bit sequence number is lifelong unique to each Frame of being caught by security personnel's data catching function 230.Ideally, when this sequence number increased at every turn, it was for good and all stored and can be recovered under the situation of power down., this just needs unusual high speed (for example: for Video Capture is 60 times/second) to store this sequence number.
For fear of producing high memory rate, this sequence number is stored in two parts.More specifically, " most important " of this sequence number part is stored in the CS memory cell 420, and " inessential " of this sequence number part is stored in the FS memory cell 421.As a result, FS memory cell 421 increases after each Frame is caught; , 420 in CS register just increases when following condition occurs:
(1) full load (being that the FS memory cell is from " FFFFFFFF " is rolled to " 0000000 ") appears in the FS memory cell; Or
When (2) security personnel's data catching function is powered.
Use this structure, FS memory cell 421 can be arranged in the memory of volatibility, and CS memory cell 420 is arranged in nonvolatile memory.When power supply was kept, this sequence number sequentially increased (never repeating), also had before the outage of security personnel's data catching function, and the required state of this sequence number is " logic " after per 232 are caught continuously.
If security personnel's data catching function power down, the value (i.e. " frame sequence ") that is stored in the FS memory cell 421 is lost, but the value (i.e. " folder sequence ") that is stored in the CS storage device 420 increases when the next one is switched on, and the result causes newly catching the new setting of unique sequence number of data folder.Therefore, even some number of frames is reused, guaranteed the uniqueness of each Frame of this data folder.
Preferably, 288 data bits that SOTU memory cell 425 can the big number of storage representation.This SOTU memory cell 425 is mounted with the state information state value in system's control from security personnel's data catching function outside (for example from relevant PC system), and can reload any time before catching data folder, and this depends on this state information.This state information produces in certain location on time in such a way, and promptly any time before this position is unpredictalbe.For example, this state information can be a synthetic digest, and it is the hashed value of possible 1,000,000 data sets, by the markers service provider it before disclosed moment, is being actually uncertain.This SOTU memory cell 425 can maybe cannot be removed when outage.
Random number produces generator 430 and is used to produce unique public and private key, in the co-pending application (application serial no is 08/251486) that is called " apparatus and method that safety traffic is provided " in name, it is proposed by co-inventor Derek L.Davis of the present invention.It is fixed that it uses preferably according to whether needing encryption function, but selectable (as indicated by dashed line).
With reference now to Fig. 5,, it illustrates the operating procedure of being finished by security personnel's data catching function in second source in transmission security personnel's data.The SOTU memory cell comprises from the outside previous state information (" state value ") of loading of this device, in case the step of describing among Fig. 5 begins, it just can not change.In other words, Fig. 5 represents " atom " process, and therebetween, the content of SOTU memory cell can not be revised.
Before catching data folder, in step 505 storage inside " distance of swimming hash " value is initialized to 0.Distance of swimming hash is the hashed value that was stored in the continuous renewal in the computer before the transmission time classification.In step 510, the Frame of data folder by the transducer that installs (for example: CCD pixel sensor array) catch, and increase by 1 at step 515 sequence number.If frame sequence is (step 520) that needs, sequence number is related with Frame so, to produce the Frame of sequence in step 525.Afterwards, the Frame of Frame or serializing is by hash, to synthesize distance of swimming hashed value (step 530).Under the situation that single frames is caught (relative with folder), distance of swimming hashed value will only be represented the hashed value of Frame or the data folder of serializing, owing to there is not Frame before to be included in this distance of swimming hashed value.
Below, Frame or serializing data can be sent to second source or be stored in outside (step 535).In addition, Frame or serializing data folder can be before this transmission or storages selectively encrypted (for individual's purpose).If this data folder is hunted down, wherein do not need sign, and more frame is hunted down as the part of data folder for each independent Frame, this process is caught other Frame (step 540) relevant with this data folder then.If do not comprise more frame in this data folder, or data folder is unique Frame, and then process enters into step 545.
In step 545, decision about this data folder whether the state value in the multiplexing SOTU of the being included in memory cell carried out chronological classification.If so, be included in the distance of swimming hashed value (for example, combined) at this state value of step 550 according to comprising by additional, cascade and any other mode of bit process.In step 555, distance of swimming hashed value utilizes the private key of acquisition equipment to indicate with being digitized.Finally, in step 560, state value, if chronological classification then distance of swimming hashed value is optionally arranged, and signature would be transmitted or would be stored in second source.This data folder then, sequence number, state value and digital signature can be analyzed in second source, to determine validity, as shown in Figure 3.
It should be understood that when the operation that catch data folder and be not the atomic time that this, technology can not be used (promptly operation is independently) effectively chronological classification to the numeral flag data folder of data folder.Reason is if be obtainable for software or other intrinsic this data folder of data handling system of not ensuring public security, and just can not guarantee that data folder does not produce on time in position early, and the state value and/or the sequence number that inserted before digital signature is carried out afterwards.This notable attribute is that the content of SOTU memory cell just was established before data folder is caught.This SOTU memory cell can not be loaded (by Design of device) between step 515 and 540.
Referring to Fig. 6, it has shown the exemplary timeline that the sequential of the chronological classification of catching data folder incident is provided.First timeline 600 comprises the cycle " Tx ", its expression per second, branch, hour, day, open day of the periodicity that occurred period of week or any regulation.Index " n " and " m " expression integer, wherein " Tn " appears at " Tn+m " before.The required continuous operating procedure (" Ot ", 1≤t 〉=9) that 610 expressions of second timeline are carried out by acquisition equipment (data catching function of ensuring public security more specifically) is so that " chronological classification " information.These operating procedures are independent of the above-mentioned open date, and they are used for the example purpose simply.At first, at " Tn " afterwards, state value is loaded into the SOTU memory cell, such as the hash of disclosed compound digest or newspaper homepage electronic edition.The value of prediction any of these number all is impossible before it is open.
Therefore, the Frame of first data folder is captured in O
2The time, but Once you begin, the SOTU memory cell can not loaded, up to current EO.After first Frame is hunted down, make the decision that whether needs frame sequence.If first sequence number is related with first Frame, to produce the Frame of first serializing, as O
3Shown in.At this frame sequence is under the unwanted situation, and the Frame of this first serializing or first Frame are by hash and at distance of swimming Hash step O
4In be stored.For second Frame of this data folder, this process is continuously (as O
5-O
7Shown in), and any Frame subsequently that forms this data folder.
For O
8, after all relevant operations were finished, the state value of SOTU memory cell was related with this data folder, to produce the data folder of expection.And state value is included in the distance of swimming hashed value that is digitized sign.In case sign is finished, this SOTU memory cell can be loaded in the next data folder preparing to catch., it should be understood that distance of swimming hashed value and its digital signature must time of delivery (TOD) mark provider business, with to O
9The deadline sort operation.
Can not load such as the SOTU memory cell and be used for before catching data folder by design hardware, just can guarantee to indicate that any data folder that specific state value is arranged must then be caught by this device this state value open (being designated as time point " Tn " in Fig. 6).By with distance of swimming hashed value time of delivery (TOD) tagged traffic provider, just guaranteed to catch this data folder on time before at this point (in Fig. 6, being designated as time point " Tn+m ").The data folder quilt " classification " of therefore, catching is between time point Tn and Tn+m.
Although described various embodiment of the present invention, under the situation that does not break away from the spirit and scope of the present invention, those skilled in the art realizes that other embodiments of the invention are conspicuous.And known circuit and operating procedure do not describe in detail, in order to avoid unnecessarily limit the present invention.Therefore scope of the present invention should be determined by claim.
Claims (36)
1. security personnel that catch data that are used for transmitting between two sources semiconductor device is used to comprise
Sensing device is used to catch data folder; With
Encryption device is connected to described sensing device, is used to protect the integrality of described data folder,
It is characterized in that,
Described encryption device comprises:
Storage device is used to store unique key to, distance of swimming hashed value and state value,
Processor device is used for described data folder executable operations, with establish this data folder be described state value openly after and described distance of swimming hashed value is being carried out time mark operation before be hunted down and
Bus unit makes described processor device and described storage communication, and described bus unit is connected to described processor device and described storage device.
2. according to the described semiconductor device of claim 1, it is characterized in that the described storage device of described encryption device is further stored a sequence number at least, for each Frame of described data folder, it is unique.
3. according to the described semiconductor device of claim 2, it is characterized in that the described storage device of described encryption device comprises a Nonvolatile memery unit.
4. according to the described semiconductor device of claim 3, it is characterized in that the described storage device of described encryption device also comprises a volatile memory-elements.
5. according to the described semiconductor device of claim 4, it is characterized in that, the described storage device of described encryption device also comprises a folder sequence memory cell, and described folder sequence memory cell is a nonvolatile memory, and it is included as the folder sequence number of more than first bit of described sequence number.
6. according to the described semiconductor device of claim 5, it is characterized in that, the described storage device of described encryption device also comprises a frame sequence memory cell, and described frame sequence memory cell is a volatile memory, and it is included as the number of frames of more than second bit of described sequence number.
7. according to the described semiconductor device of claim 6, it is characterized in that the described storage device of described encryption device also comprises a state storage unit, it is included in described sensing device and catches the described state value that loads before the described data folder.
8. according to the described semiconductor device of claim 1, it is characterized in that described sensing device is the transducer that comprises the pixel capture array and be used to control the control logic of described pixel capture array.
9. according to the described semiconductor device of claim 1, it is characterized in that, before described data folder was stored in the described storage device, described processing unit was carried out Hash operation to described data folder and is made it to become described distance of swimming hashed value, and described distance of swimming hashed value is the hashed value of a continuous updating.
10. according to the described semiconductor device of claim 9, it is characterized in that, described processor device produces the hash result to each Frame of described data folder, and wherein each hash result sequentially is stored in the described storage device, jointly to produce described distance of swimming hashed value.
11. according to the described semiconductor device of claim 10, it is characterized in that, described processor device links described distance of swimming hashed value and described state value, to produce the distance of swimming hashed value of a renewal, and the distance of swimming hashed value that digitally indicates described renewal is to output to an external source of time of implementation marking operation.
12. according to the described semiconductor device of claim 11, it is characterized in that, before described processor device links distance of swimming hashed value and described state value, described processing unit also links at least one hashed value and corresponding sequence number, to produce a continuous Frame that forms described data folder.
13., it is characterized in that described encryption device also comprises a randomizer according to the described semiconductor device of claim 1, right to produce described unique key.
14. a semiconductor device comprises:
Be used to catch the sensing device of data folder; With
An encrypted circuit, it is connected to described sensing device, and described encrypted circuit comprises:
A plurality of memory cell, can comprise a state value and a distance of swimming hashed value, this distance of swimming hashed value is the hash result with the described data folder of described state value combination, before described transducer is used to catch described data folder, described state value is loaded into one of them unit of described a plurality of memory cell
A processor, it can (i) executable operations on described data folder produce described hashed value, (ii) digitally indicate described distance of swimming hashed value and (iii) export described distance of swimming hashed value, be used for time-marking operation and
A bus is connected to described a plurality of memory cell and described processor, and this bus makes described processor be communicated with described a plurality of memory cell.
15., it is characterized in that described a plurality of memory cell of described encrypted circuit comprise according to the described semiconductor device of claim 14:
A non-volatile cell, it is right to comprise a unique key;
A memory cell can comprise described distance of swimming hashed value;
A galaxy state storage unit can be included in described transducer and catch the described state value that is loaded before the described data folder;
A folder sequence memory cell can comprise a folder sequence number that increases after this semiconductor device energized; With
A frame sequence memory cell can comprise one and catch the number of frames that increases behind the data folder at described transducer, and described number of frames is added to described folder sequence number to form a sequence number.
16., it is characterized in that the described non-volatile memory cells of described at least encrypted circuit and described folder sequence memory cell are made of nonvolatile memory according to the described semiconductor device of claim 15.
17., it is characterized in that the described frame sequence memory cell of described at least encrypted circuit is made of volatile memory according to the described semiconductor device of claim 16.
18., it is characterized in that described encrypted circuit also comprises a randomizer that is coupled to described bus according to the described semiconductor device of claim 14.
19., it is characterized in that described transducer comprises a pixel capture array and is used to control the control logic of described pixel capture array according to the described semiconductor device of claim 14.
20. according to the described semiconductor device of claim 14, it is characterized in that, before the described processor of described encrypted circuit produces described distance of swimming hash result, described processor to Frame of major general and corresponding sequence number links, to produce the continuous Frame that at least one forms described data folder.
21. wherein each the described semiconductor device according to claim 14 to 20 is characterized in that, described a plurality of memory cell constitute a single memory device.
22. a maintenance is emitted to the method for integrality of the data folder in second source from first source, the method comprising the steps of:
A state value is loaded into a galaxy state storage unit;
Catch first Frame of described data folder;
Produce the first continuous Frame by at least described first Frame being carried out hash;
The described first continuous Frame is added to distance of swimming hashed value;
After the described first continuous Frame is added to distance of swimming hashed value, described state value is added to described distance of swimming hashed value;
Digitally indicate described distance of swimming hashed value; With
To described distance of swimming hashed value time of implementation-marking operation.
23. in accordance with the method for claim 22, it is characterized in that before catching the described step of described first Frame, this method also comprises a sequence number update to described first source.
24. in accordance with the method for claim 23, it is characterized in that the loading of described sequence number comprises:
With a folder sequence number update that is stored in described first source, described folder sequence number is a plurality of higher bit that forms described sequence number.
25. in accordance with the method for claim 24, it is characterized in that the loading of described sequence number also comprises:
A number of frames that is stored in described first source is upgraded, and described number of frames is a plurality of bits of the described sequence number of formation except that the described a plurality of bits that form described folder sequence number.
26. in accordance with the method for claim 24, it is characterized in that the generation of the described first continuous Frame comprises:
The described sequence number that described first Frame is relevant with described first Frame links, to produce the described first continuous Frame.
27. a semiconductor device comprises:
A transducer is used to catch data folder; With
An encrypted circuit is connected to this transducer, and described encrypted circuit comprises:
A plurality of memory cell, the state value that it can comprise a distance of swimming hashed value and load before catching this data folder,
A processor is connected to described a plurality of memory cell, and described processor can be to described data folder executable operations, with establish described data folder be this state value openly after and captive before the described encrypted circuit output in described distance of swimming hashed value.
28., it is characterized in that described processor is carried out Hash function to described data folder according to the described semiconductor device of claim 27, so that produce a hash result, described distance of swimming hashed value is the hashed value of a continuous updating.
29., it is characterized in that described processor produces a hash result to each Frame of this data folder, so that produce described distance of swimming hashed value according to the described semiconductor device of claim 28.
30. the semiconductor device according to claim 26 is characterized in that, it plays a microprocessor.
31. an encrypted circuit comprises:
A plurality of memory cell comprise a distance of swimming hashed value and prior to catching the state value that a data folder loads; With
Processor is connected to described a plurality of memory cell, and described processor is to described data folder executable operations, with establish this data folder be this state value openly after and comprising the information disclosure of a distance of swimming hashed value before captive.
32., it is characterized in that the operation of processor is carried out Hash operation to described data folder before being included in and sequentially being stored in the described memory cell as described distance of swimming hashed value described data folder according to the described encrypted circuit of claim 31.
33., it is characterized in that the operation of described processor comprises that a Frame of the described data folder from described memory cell produces a hash result, produces described distance of swimming hashed value with the concentrated area according to the described encrypted circuit of claim 31.
34., it is characterized in that the operation of described processor comprises that described state value is attached to described distance of swimming hashed value and digitlization ground sign has the described distance of swimming hashed value of described state value according to the described encrypted circuit of claim 33.
35. according to the described encrypted circuit of claim 33, it is characterized in that, also described hash result linked to produce the continuous data frame that at least one forms data folder with corresponding sequence number.
36. a method that is used to keep be transmitted the integrality of data, described method comprises step:
Obtain a state value from a remote source;
Catch first Frame;
Produce the hash result of described first Frame;
Produce a distance of swimming hashed value according to hash result and described state value; With to described distance of swimming hashed value time of implementation-marking operation.
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| PCT/US1997/000958 WO1998034403A1 (en) | 1995-09-29 | 1997-01-30 | Apparatus and method for securing captured data transmitted between two sources |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN1245612A CN1245612A (en) | 2000-02-23 |
| CN1161997C true CN1161997C (en) | 2004-08-11 |
Family
ID=22260267
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNB971816069A Expired - Fee Related CN1161997C (en) | 1997-01-30 | 1997-01-30 | Apparatus and method for securing captured data transmitted between two sources |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN1161997C (en) |
| AU (1) | AU1834297A (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| DE60239718D1 (en) * | 2001-02-09 | 2011-05-26 | Canon Kk | Information processing apparatus and its control method, computer program, and storage medium |
-
1997
- 1997-01-30 CN CNB971816069A patent/CN1161997C/en not_active Expired - Fee Related
- 1997-01-30 AU AU18342/97A patent/AU1834297A/en not_active Abandoned
Also Published As
| Publication number | Publication date |
|---|---|
| CN1245612A (en) | 2000-02-23 |
| AU1834297A (en) | 1998-08-25 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US5966446A (en) | Time-bracketing infrastructure implementation | |
| CN1133935C (en) | Security system for protecting information stored in portable storage media | |
| CN106776904B (en) | The fuzzy query encryption method of dynamic authentication is supported in a kind of insincere cloud computing environment | |
| US20210194699A1 (en) | Blockchain-embedded secure digital camera system to verify audiovisual authenticity | |
| US20080276092A1 (en) | Method for Authentication of Sensor Data, and an Associated Sensor | |
| CN1805337A (en) | Secret shared key mechanism based user management method | |
| WO2019059453A1 (en) | Communication device and method using message history-based security key by means of blockchain | |
| CN1258359A (en) | Method and apparatus for signing and sealing objects | |
| CN110636028B (en) | Key generation device, encryption device, key generation and distribution system | |
| WO2014003497A1 (en) | Generation and verification of alternate data having specific format | |
| US5946396A (en) | System and method for ensuring integrity of audio | |
| US20070261061A1 (en) | System and method of aggregating and consolidating security event data | |
| CN113939820A (en) | Encryption key generation device and encryption key generation method | |
| CN108197496A (en) | Data safety Enhancement Method under cloud computing environment | |
| CN109587119A (en) | Data transmission system and method | |
| CN1161997C (en) | Apparatus and method for securing captured data transmitted between two sources | |
| CN108259606A (en) | Cloud computing public cloud file stores and search method | |
| CN108269610A (en) | Data reliability verifying method based on cloud computing | |
| CN1203439C (en) | Multimedia data encrypting method | |
| KR100745393B1 (en) | Video signal authentication system | |
| CN112398861A (en) | Encryption system and method for sensitive data in web configuration system | |
| CN115174602B (en) | Data processing method and system applied to fishery management | |
| CN115909560A (en) | Data encryption method, data decryption method and door lock system | |
| CN1913547A (en) | Card distributing user terminer, centre and method and system for protecting repaid card data | |
| CN108492424A (en) | A kind of access control system based on quantum cryptography |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20040811 Termination date: 20160130 |
|
| EXPY | Termination of patent right or utility model |