WO2018079554A1 - Owner checking system - Google Patents


Info

Publication number
WO2018079554A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
unit
authentication
sensor
signal
Prior art date
Application number
PCT/JP2017/038373
Inventor
伸周 浦壁
Original Assignee
株式会社アドバンス
Application filed by 株式会社アドバンス


Classifications

    • A: HUMAN NECESSITIES
    • A61: MEDICAL OR VETERINARY SCIENCE; HYGIENE
    • A61B: DIAGNOSIS; SURGERY; IDENTIFICATION
    • A61B5/00: Measuring for diagnostic purposes; Identification of persons
    • A61B5/117: Identification of persons
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10: Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/12: Protecting executable software
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/64: Protecting data integrity, e.g. using checksums, certificates or signatures
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W4/00: Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/30: Services specially adapted for particular environments, situations or purposes
    • H04W4/38: Services specially adapted for particular environments, situations or purposes for collecting sensor information

Definitions

  • the present invention relates to an owner check system.
  • IoT Internet of Things
  • smart home appliances such as smart home appliances, connected cars, home security, vending machines, healthcare and medical equipment.
  • the range of activity of computer viruses has grown and their social effects have become immeasurable; the scope of cyber warfare has expanded and its effects are reaching everyday life.
  • a limited interface such as an IoT device
  • Once a computer terminal has been hijacked, it sends data without the owner's knowledge and is used as a bot for DDoS attacks or as a proxy computer terminal for hackers. A mechanism by which the owner can check the terminal is therefore desired.
  • Japanese Patent Publication No. 2008-500633 discloses a method for forming a virtual area on software to form a sandbox, executing a computer virus, and performing heuristic detection of the computer virus from its behavior.
  • Japanese Patent Laid-Open No. 2007-102697 discloses that a gateway device connected to a user terminal and installed at an entrance to an Internet network includes infection monitoring means for detecting whether or not the user terminal is infected with a computer virus, Terminal disconnecting means for disconnecting the user terminal from the Internet network when it is detected that the terminal is disconnected, and a recovery support device for the user terminal when the user terminal is disconnected from the Internet network by the terminal disconnecting means.
  • quarantine means in which a recovery support device connected to the gateway device executes a computer virus quarantine process on the connected user terminal.
  • JP 2008-532133 A discloses a system for detecting a computer virus that impersonates a domain name system (DNS), which transmits a URL to a DNS server and makes an IP request.
  • a means for detecting whether or not the relationship between the IP address and the URL matches is described.
  • the communication control apparatus 10 stores a first database 50 provided for each user, a user ID and an IP address assigned to the user's terminal in association with each other.
  • the user database update unit 460 that acquires the user ID of the terminal and the IP address assigned to the terminal from the connection management server 120, and registers them in the user database 57, and the IP address of the transmission source of the communication data including the data file
  • a user identification unit that searches the user database 57 to obtain a user ID
  • a search circuit 30 that performs a search by referring to a record corresponding to the acquired user ID in the first database 50
  • a process execution circuit 40 that, based on the search result, filters data files infected with a computer virus
  • the homepage http://www.aist.go.jp/aist_j/press_release/pr2006/pr20061122/pr20061122.htm
  • AIST Development of a high-speed virus check system using rewritable hardware
  • a computer virus detection system using an array FPGA, CPLD, etc.
  • JP-A-2015-532756 describes a configuration in which an administrator authority file of an IoT terminal is encrypted and moved to a server or the like that manages the terminal, and, when an update program is downloaded, the encrypted administrator authority file is downloaded and decrypted.
  • JP-A-2016-116130 describes that a pairing code during data communication between an IoT terminal and a wireless receiver is encrypted.
  • JP-A-2015-122744 describes that communication elements for connecting an IoT device to a specific system are written in blank fields of a multicast IP address and a multicast MAC address, that the IoT device reads the data from these addresses, and that the IP address is constantly monitored in order to connect to the specific system.
  • JP 2013-137745 A; Japanese translation of PCT publication No. 2008-500653; JP 2007-10297 A; Japanese translation of PCT publication No. 2008-532133; JP 2009-157523 A; JP 2015-532756 A; JP 2016-116130 A; JP 2015-122744 A; JP 2014-146139 A
  • JP 2008-500633 A discloses executing a computer virus program in a virtual space and detecting the computer virus from its behavior, but the computer virus may attack this virtual-space program or disguise what is displayed. The other prior art all detects virus programs reactively, using templates registered in security software, and does not disclose countermeasures against virus programs.
  • IoT Internet-connected devices
  • a DDoS attack has already been carried out in which IoT devices were infected, turned into bots, and used to attack, and the number of IoT devices involved exceeded 100,000.
  • IoT terminals with limited interfaces are more likely to perform various operations using wireless communication as disclosed in JP-A-2015-122744. This increases the possibility of infection of IoT devices.
  • the present invention comprises signal processing means that has a direct or indirect interface and outputs data produced on the basis of that interface to the outside, and storage means for storing the interface data;
  • exit gate means that, when the signal processing unit transmits data to the outside, compares the data with the interface data stored in the storage means, determines that the data is genuine if it matches, substantially matches, approximates, or corresponds, and adds authentication data corresponding to the external operation data before transmitting it to the outside; and
  • entrance gate means that receives data transmitted from the outside, detects authentication data in the received data, and accepts the data as authentic when the authentication data matches, approximately matches, or approximates comparison data stored in advance.
  • the combination of these gate means enables accurate data transmission that eliminates the effects of computer viruses.
  • the present invention provides a sensor unit that receives a desired operation and phenomenon and converts it into a sensor electric signal
  • a signal processing unit including a transmission unit that converts sensor electric signals of the sensor unit into sensor digital data and transmits the sensor data, and a reception unit that receives data from the outside together with authentication data; recording means for detecting and temporarily recording event data and event time data from the sensor output of the sensor unit; authentication means that, when the transmission unit outputs sensor data to the outside, reads the sensor data and the event data and event time data recorded in the recording means and authenticates by detecting the presence or absence of matching, approximately matching, approximating, or corresponding data; and an exit gate that blocks the output of data to the outside if the authentication means does not detect matching, approximately matching, approximating, or corresponding data. This makes it possible to authenticate that a signal was output from the sensor, so that even when the interface is limited, data can be transmitted accurately without the influence of a computer virus.
  • the authentication means detects coincidence, substantially coincidence, approximation, or corresponding data, it authenticates that the sensor data is authentic, replaces, converts or adds the authentication data, and transmits it to the outside.
  • the authentication data can be authenticated by, for example, a management server that receives the sensor data, by comparing or collating with the data of the transmission source device stored in advance.
  • the present invention provides a sensor unit that receives a desired operation and phenomenon and converts it into a sensor electric signal
  • a signal processing unit having a transmission unit that converts sensor electric signals of the sensor unit into sensor digital data and transmits the sensor digital data together with an authentication signal to the outside; and a reception unit that receives data from the outside together with the authentication data;
  • the sensor is stable regardless of the signal processing method of the sensor unit. Allows external transmission of data.
  • verifying the authentication signal it is possible to transmit authentic data without an interface by using a combination of authentication means for authenticating whether or not the data output from the signal processing unit is authentic data.
  • the authentication data can also be handled confidentially, so that authentic data can be received, the influence of a computer virus illegally entering from the outside is eliminated, and stable use of the IoT terminal is realized.
  • event data and event time data detected from sensor data are compared or verified with sensor data, or additional data added to sensor data is stored in advance.
  • Two configurations of data collation are shown, and both configurations may be used separately, or a combination of both may be used.
  • the direct interface in the present invention is exemplified by a keyboard, a mouse, a touch pad, a push button type, a slide type switch and the like connected to a computer terminal that transmits to the outside.
  • the indirect interface in the present invention indicates data output from a part to be processed when data processed by a computer terminal such as a sensor is transmitted to the outside.
  • the authentication in the present invention refers to, for example, extracting event data such as a characteristic part, a noise part, etc. and event time data in which this event data occurs from sensor data obtained by branching sensor data, and the like.
  • the sensor data may be compared with the event data to indicate whether the data is coincident, substantially coincident, or approximate.
  • a predetermined value a digital signal obtained by converting a measurement analog signal with an ADC (a unit (circuit) that converts an analog signal into a digital signal) may be used as additional data.
  • the predetermined value is, for example, data including a value that lies outside the output range of the sensor information to be used, or within it but not normally output. For example, for an IoT device using a temperature sensor whose target measurement range is room temperature, the owner authentication signal is digital data for 120 degrees or -50 degrees, that is, limit digital data obtained by AD conversion of the analog output of the sensor. A value outside the normal range, or part or all of a measured value within the normal range, is converted into digital data and added to form the output data, which makes analysis difficult for anyone who illegally intercepts and analyzes the transmitted and received data.
  • the authentication data is additional digital data that the control unit performing the owner check adds by replacing or converting the additional digital signal; in some cases it includes digital measurement data obtained by sensor measurement.
  • the control unit compares the pre-stored additional data with the additional data to be output and, in the case of a match, substantial match, approximation or correspondence, transmits indirect interface data such as sensor data to the outside. At this time, the additional data is replaced with or converted into authentication data and transmitted to the outside together with the sensor data.
  • the control unit that performs the owner check at the entrance of the signal processing unit reads the authentication data and compares it with the data stored in advance. When there is a match or a close match, the update program is permitted to be executed.
  • the additional data added to the sensor data output from the signal processing unit may be used as the data for owner authentication as it is, or may have identifiable text data further added to it, or may be newly replaced. When it is added to the transmission data as authentication data, it may be embedded partially across a plurality of packets or transmitted collectively.
  • the authentication data may include a part of the IP address ipv6 and ipv4 of the communication partner and one's own, and when authenticating with analog data, when analog data is converted into digital data, a value exceeding the threshold value is digitally converted.
  • Authentication data including information of a transmission source or the like may be formed by pulsing and including the meaning of an ip address or the like.
  • the authentication data preferably originates from the sensor output provided in the IoT terminal as described above. However, if the authentication data does not have a sensor and has an analysis unit that receives and analyzes an electrical signal as it is, for example, Data resulting from operation may be used as indirect interface data. Alternatively, the other party's IP address, MAC address, etc. may be detected from the authentication data, and data may be transmitted and received while confirming the other party.
  • a direct interface such as a wearable device
  • the user's operation is memorized, time-series output, or roughly classified operation output (character input, purpose, etc.), or a series of Operation output is stored as additional data
  • this additional data and the transmitted data are collated, matched, or nearly matched, or approximated and determined as genuine data and output It may be.
  • the output data may be replaced, compressed or converted so that the additional data can be compared in a more compact state.
  • the authentication data may be encrypted to enhance the protection.
  • a cryptographic algorithm such as a shared key method or a public key method, or a stream cipher such as a Vernam cipher may be used.
  • because the present invention may use a computer chip arranged in the very small space typical of IoT, the memory capacity for storing digital data is also small; Vernam encryption, synthetic encryption, and other stream ciphers, which can be configured relatively easily in hardware, are therefore well suited.
  • the sensor unit in the present invention is a connected car, such as one that detects the state of each component of temperature, humidity, position, inclination, rotation speed, acceleration, pulse wave, electrocardiogram, blood flow, blood pressure, GPS, factory, plant, etc.
  • sensors included in so-called IoT devices such as one or more arranged in smart home appliances, robots, wearable devices, plants, factories, public facilities, etc., are exemplified as ultra-small sensors that are made into chips. .
  • the signal processing unit When the sensor unit is connected, the signal processing unit according to the present invention includes an AD converter and a DA converter depending on the case, and a program such as a microcomputer incorporating a unit for infrared input / output, electromagnetic wave input / output, etc.
  • the digital operation may be performed by an IoT device, but an IC including a gate array such as FPGA or CPLD may be used instead of a stored program type microcomputer.
  • the event data and the event time data in the present invention are data output from the sensor unit, for example, and indicate noise signals, abnormal signals, feature signals, and the like.
  • the event time data is the time when this event occurs, and indicates the time when the time recorded by the signal processing unit is synchronized with the time recorded by the owner check unit.
  • the event time data only needs to know at least the time at which the sensor unit output the event data.
  • the event time data may be any data as long as the signal processing unit and the owner check unit measure the absolute time.
  • the storage unit in the present invention is ROM, RAM, NVRAM, FEPROM, SD card, USB memory, SSD, HD, or other media, and a writable storage unit is formed by a single unit or a combination thereof.
  • the input / output unit in the present invention is for transmitting and receiving packet signals for connection to an external network, and is a unit for inputting and transmitting data in a known format such as Ethernet (trademark) specifications. Indicated by
  • the antenna along the medium is exemplified.
  • the Internet using a communication standard such as TCP / IP or FTP is mainly used as a network.
  • Bluetooth registered trademark
  • infrared rays etc.
  • the wireless medium is also used in the local area, it includes not only the Internet but also other media and networks based on communication standards.
  • the present invention determines that the IoT device having a limited interface is authentic data by comparing sensor data with event data and event time data separated and extracted from the sensor data and / or comparison of added authentication data.
  • the present invention is located at the entrance and exit of a terminal equipped with automatic processing (indirect interface), manual processing (direct interface), and other IoT devices. It is preferable to configure the unit (circuit) that is physically independent from the device or the like.
  • the present invention converts a direct interface such as a touch pad, operation switch, and keyboard or an indirect interface such as sensor output data, and data based on this interface into a digital signal, and then performs signal processing.
  • the signal processing unit that outputs data based on the selected interface to the outside, Event data consisting of parts that are characteristic from the interface-based data, unnecessary parts that are not used, such as noise, and event time data when this event data occurred are stored in advance, and the signal processing unit sends the data based on the interface to the outside
  • the stored event data or the like is present in the data based on the interface, it is determined as authentic data, and the authentic data and authentication data are combined and transmitted to the outside.
  • additional data is added to this data, and if the additional data matches the pre-stored additional data list, the data is judged to be authentic. The additional data is then used as authentication data, or is replaced with authentication data while leaving a trace (trace authentication data), and is combined with the interface-based data created by the signal processing unit for transmission to the outside. Either or both of these configurations are performed as exit processing.
  • the authentication data is extracted from the input data and compared with or collated with the authentication data registered in advance to determine whether the data is authentic.
  • an indirect or direct operation in which the authenticity of data formed by the direct interface or the indirect interface is stored in advance at the entrance for receiving data from the outside of the IoT device and the exit for transmitting data to the outside.
  • the present invention is mainly a device whose main task is to convert sensor data into digital data and transmit / receive it.
  • the present invention is not necessarily provided with a device for sensing, for example, an electric device that receives and drives data from the Internet.
  • a one-way device such as a drill or a PC terminal such as a wearable terminal, a tablet, or a smartphone, which includes an operation interface such as a keyboard or a touch panel is also included.
  • Authentication data, owner authentication data, trace of authentication data (data converted by replacing the owner authentication data) data, event data and event time data are data for authenticating the data of the legitimate transmission source, It is preferable that the content and size are sufficient to prevent spoofing.
  • genuine data is determined by whether or not event data or operation trajectory data stored in advance is included in the sensor data or operation data. If the data is determined to be authentic data, the authentic data obtained by replacing, converting, or adding the additional data to the authentication data (data stored externally in advance and comparable) is transmitted.
  • the receiver separates and extracts the authentication data from the transmitted data, compares this authentication data with the data stored in advance, and determines that the data is authentic if it is the same or approximately the same.
  • This authentication data can be encrypted to further improve confidentiality. Encryption protects against computer virus attacks, but the size of the encryption algorithm software is limited because the IoT terminal itself is small. It is therefore preferable to use a compact stream-cipher type encryption built from, for example, an XOR (exclusive OR) IC chip, a random number generation circuit, or a combination of a sequence generator and a selection circuit.
  • Since the random number generator circuit has periodicity, a composite Vernam encryption method is employed in which multiple sequence generator circuits are mounted in an IC chip and a signal for selecting among them is output together with the authentication data. This forms a cryptographic circuit that is small, excellent in secrecy, and fast.
  • the present invention may separately utilize communication using infrared and electromagnetic waves as a wireless medium in addition to transmission / reception of data mainly using a wireless LAN.
  • 11a is an inlet control unit, which is composed of a microcomputer, a gate array, and the like, and is preferably provided with input / output ports that can be connected to an AD converter (ADC) and to other transmission / reception units such as Bluetooth (registered trademark) and infrared data.
  • 11b is an outlet control unit, which has the same configuration as the inlet control unit 11a. The two are shown separately for explanation, but may be integrated into one control unit.
  • 11c is a D / A converter, which is a circuit for converting a digital signal into an analog signal, and may be built in the control unit, but is shown as a separate configuration for explanation.
  • 11d is a transmission / reception unit A, which is configured by an infrared LED, a phototransistor, a photodiode, an antenna, and the like, and enables transmission / reception of data over a wireless medium 11e including infrared rays, electromagnetic waves, and the like.
  • the transmission / reception unit A11d transmits / receives data to / from the transmission / reception unit B17b.
  • the transmission / reception unit A11d and the transmission / reception unit B17b may be the same as those currently used for infrared communication and Bluetooth (registered trademark) communication with IoT devices. It is preferable to use one that includes a unit such as a port that supports communication.
  • the inlet control unit 11a or the outlet control unit 11b may be used instead.
  • the authentication device 12 stores event data and event time data in the sensor data output from the signal processing unit 17.
  • the authentication device 12 stores additional data for comparison that is used when additional data is added to the sensor data and outlet authentication is performed by the control unit.
  • the authentication device 12 includes the comparator 12a shown in FIG. 1 as a part, and exemplifies a general circuit using an operational amplifier.
  • the comparator 12a is a circuit in which the output of the output terminal 12a3 is inverted when the input voltage of the input terminal 12a1 exceeds the threshold voltage 12a2.
  • the comparator 12a is an example of a comparison detection unit, and is not limited thereto, and may be any circuit that changes the output of the output terminal 12a3 when the input voltage exceeds the threshold voltage 12a2.
  • a plurality of the comparators 12a are arranged, and the threshold voltage is set to an upper limit and a lower limit, respectively, and a band-like threshold is set, or a signal obtained by exceeding the threshold voltage 12a2 is pulsed to output as a digital signal having code information. May be.
  • the code information indicates authentication data
  • authentication data that is more difficult to decipher can be obtained.
  • Reference numeral 13 denotes an entrance gate, which mainly blocks, limits, or delays the movement of signals from the input / output unit 15 to the signal processing unit 17 and from the input / output unit 15 to the entrance control unit 11a. It is preferable that the movement of data is interrupted at least during authentication.
  • Reference numeral 14 denotes an exit gate, which mainly passes the transmission data from the signal processing unit 17 through to the input / output unit 15, or branches it to the exit control unit 11b, and performs blocking and connection.
  • Numeral 15 is an input / output unit for demodulating the modulated signal transmitted from the antenna 16 and converting it into a digital signal, and includes a front-end circuit.
  • Reference numeral 16 denotes an antenna, which is made of a conductive member having a length, a width, and the like corresponding to the radio frequency to be used, and is formed of, for example, a smartphone antenna for frequencies from several hundred MHz to the GHz range.
  • the antenna 16 is used when wireless communication is used.
  • communication need not be wireless via the antenna 16; wired communication such as Ethernet (registered trademark) may be used, selected as appropriate.
  • Reference numeral 17 denotes a signal processing unit, which preferably has an AD converter and a Bluetooth (registered trademark) unit used in an IoT device or has a port connected to these.
  • Reference numeral 17a denotes an additional signal output unit, which is composed of a RAM (for example, one that receives additional signal data when necessary from other continuously recordable media), ROM, NVRAM, EEPROM, SD card, USB memory or the like, and is used to store additional signal data in advance and output it in response to a request from the signal processing unit 17.
  • the additional signal output unit 17a may include time series trajectory data of the interface operation as direct data.
  • for indirect interface data such as sensor data, the additional signal output unit 17a may be unnecessary.
  • 17b is the transmission / reception unit B, which has the same configuration as the transmission / reception unit A11d described above.
  • Reference numeral 18 denotes a storage unit that stores an OS program, an application program, and the like that operate the control signal unit 17; it may also temporarily store, for a predetermined period, the digitized sensor electrical output of the sensor unit 19.
  • the storage unit 18 further includes specific additional data. This is data that is formed when a legitimate program is started and sensor digital data is output from the sensor unit, and is unnecessary when comparison of event data or the like is performed by the exit control unit 11b.
  • Reference numeral 19 denotes a sensor unit, which may be any sensor used in an IoT device as described above. Preferably, at least one group is formed for each sensor and the authentication device includes a similar sensor for each group, but this is not limiting.
  • Reference numeral 19a denotes an AD converter for converting the sensor data output of the sensor unit 19 into a digital signal.
  • the outlet control unit 11b may be built in, or the sensor unit 19 may be built in. It is added for the purpose. It is omitted in FIGS. 4 to 6.
  • Reference numerals 20 and 21 denote an entrance-side electrical communication path and an exit-side electrical communication path, in which wired and wireless are shown, but here, examples using wired are exemplified.
  • data is transmitted / received via the transmission / reception unit A11d and the transmission / reception unit B17b.
  • authentication using authentication data may also be performed at this part.
  • Reference numeral 23 denotes a management server for operating the IoT terminal including the control unit 17, or for uploading data to the signal processing unit and then executing it to update the program.
  • Reference numeral 24 denotes a network, which is mainly the Internet, but may indicate an intranet, extranet, Bluetooth (registered trademark), or a short-range network using infrared rays.
  • the program that operates in the signal processing unit 17 is, for example, a WEB server type program, and operates based on this program.
  • For a signal processing unit that has no interface, or only a limited one, uploading and executing an update program is illustrated as being performed automatically by packet communication using TCP/IP, FTP, or the like.
  • a modulated packet signal is output from the wireless router 22 and transmitted to the input / output unit 15 via the antenna 16.
  • the input / output unit 15 demodulates the modulated packet signal and transmits it to the entrance gate 13.
  • The data addressed to the signal processing unit 17 is different from the update program and the authentication data, and packet data having different IP addresses may be transmitted. It is preferable that data indicating the relationship is also included in both as authentication data.
  • The entrance gate 13 outputs this packet signal to the entrance control unit 11a. At that time, when the signal is a packet including data and the communication destination is the signal processing unit 17, the entrance gate 13 may in some cases pass it for a predetermined time after authentication, for example.
  • When the program is supplied to the signal processing unit 17, there are updates, changes, additions, etc., and the signal processing unit that does not have a limited interface for performing artificial input executes after downloading.
  • the execution is not performed unless there is an execution permission signal from the transmission / reception unit B17b, or the execution is not performed unless the execution permission signal is transmitted to the signal processing unit 17 from the input control unit 11a via the entrance gate 13.
  • the management server 23 which is a transmission source that transmits the first program transmits packet data for starting supply to the signal processing unit 17.
  • the download execution code is automatically prepared for activation.
  • The entrance control unit 11a confirms whether or not a packet addressed to the signal processing unit 17 has been received (201). If packet data addressed to the signal processing unit 17 has been received (yes), it confirms whether or not the owner authentication has been completed (202), and if it has been completed (yes), it further confirms whether or not a predetermined time has passed (203).
  • This predetermined time corresponds to the expiration date of the owner authentication. If this is shortened, the security can be further improved. However, if it is too short, time is consumed by this authentication alone. Intervals of several seconds to hundreds of seconds are given as examples.
  • the packet data is transmitted to the signal processing unit 17 in step 219.
  • The signal processing unit 17 is shown performing a process of handling the data in the packet and extracting the payload data. It is also provided with a means for combining the payload data, which was split into pieces of 1500 bytes or less, into one code and then executing it.
  • If the owner authentication has been completed and the predetermined time has elapsed (203) (yes), or if the owner authentication has not been completed (202) (no), it is confirmed whether the packet data is the first packet data (204). If it is the first packet data, an authenticable time limit (A time) is set and counting is started (205). By making this authenticable time finite, it is possible to determine whether or not the management server 23 performs regular transmission and to check whether there is an abnormality in the network.
  • a time authenticable time limit
  • the entrance control unit 11a extracts data indicating the location of the authentication data from the authentication device in order to confirm whether or not the authentication data exists in the packet signal.
  • the authentication data may be divided and embedded across all or a plurality of packets.
  • As for the embedding location, for example, the first few digits are embedded after several bytes of a predetermined margin, and the predetermined margin may be stored in the authentication device 12.
  • The inspection can, for example, check whether the packet includes an identification symbol indicating authentication data.
  • The owner authentication data confirmation time timer (B time) starts counting (209). If the owner authentication data has not been received (206), it is confirmed whether A time has elapsed (207). If it is within A time, the next step (201) of receiving input packet data is performed. If A time has passed (yes), it is determined that there is no input packet data, A time and B time are reset (216), and if the construction of authentication data has been started, the built-up authentication data is reset (217), and the process returns to the input packet data reception step (201) again.
  • It is preferable that the processing time of the input packet at the time of authentication is limited so that there is no erasure due to data leakage etc.
  • next owner authentication data is received or no owner authentication data is received (208)
  • If the time B has elapsed (yes), the authentication has timed out: the time A and time B are reset, the data accumulated as authentication data is reset (217), and the process goes to the input packet data reception step (201) and waits for packet data.
  • If the B time has not elapsed (no), a part of the received owner authentication data is temporarily stored, and fragmented authentication data is combined (211).
  • the receiving step (201) waits for reception of an input packet. If all the authentication data can be acquired and combined to form the authentication data, the owner check authentication is performed in the next step (213).
  • The owner check authentication is performed by comparing with the owner check data stored in advance by the authentication device 12. In the owner check authentication, in addition to authenticating the owner, the authentication data is decrypted if it is encrypted, and in some cases it is determined whether the value is true owner authentication data. Further, when the authentication data is digital data representing analog data, it is converted into analog data by the DA converter 11c and input to the input terminal 12a1 of the comparator 12a of the authentication device 12. The voltage of the input signal input to the input terminal 12a1 is compared with the threshold voltage 12a2, and when the voltage exceeds the threshold, the output of the output terminal 12a3 is inverted. When the inverted data is input to the entrance control unit 11a, it is determined that the authentication data is true.
  • the measured sensor data and a part of the measured sensor data extracted as additional data may be converted into analog signals and then compared.
  • For a pulse wave, a pulse wave at a characteristic part having a relatively high peak voltage may be extracted and recorded as additional data and used as owner check data using an analog signal.
  • The entrance gate 13 and the exit gate 14 stop transmitting or receiving data or enter a shut-off state, and further all stored data such as A time, B time and authentication data is reset and, depending on the case, an alert is output to the user (215).
  • the management server 23 can detect an abnormality at this terminal due to the interruption of communication due to physical interruption at the entrance gate 13 and the exit gate 14, so that an alert may not be necessary.
  • the entrance control unit 11a outputs a deletion signal to the transmission / reception unit A11d.
  • The transmission / reception unit A11d transmits a deletion signal via the wireless medium 11e and the transmission / reception unit B17b, and the signal processing unit 17 receives the signal and deletes data such as a downloaded program. If the owner authentication data is true (214) (yes), the recording of the A time and the B time is reset (218), and the input packet data is transmitted to the signal processing unit 17 via the entrance-side electric communication path 20 (219).
  • an execution permission signal is output to the transmission / reception unit A11d, and the signal processing unit 17 receives the execution permission signal and executes the downloaded program.
  • the target update program or the like is downloaded to the signal processing unit 17 but cannot be executed unless a specific signal is input from the transmission / reception unit B 17b, for example, during the authentication operation in the entrance control unit 11a. By just downloading, data confusion can be prevented during high-speed communication.
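The entrance-side flow of steps 201 to 219, modelled as an added Python example that is not part of the patent text. The fragment layout (`MARKER`, index and total bytes), the timer values, the byte-for-byte comparison standing in for the comparator 12a, and the choice to hold packets until the owner check succeeds are all assumptions.

```python
import hmac

MARKER = b"OWN1"  # constructed identification symbol for authentication fragments


class EntranceControl:
    """Model of the entrance control unit; all names and values are hypothetical."""

    def __init__(self, owner_check_data, a_limit=30.0, b_limit=10.0, validity=60.0):
        self.owner_check_data = owner_check_data  # stored in the authentication device
        self.a_limit = a_limit    # A time: window in which authentication must begin
        self.b_limit = b_limit    # B time: window in which all fragments must arrive
        self.validity = validity  # expiration of a completed owner authentication
        self.blocked = False      # True once the gates have been shut (215)
        self.authenticated_at = None
        self._reset()

    def _reset(self):
        # Steps 216/217/218: clear both timers and any partly built authentication data.
        self.a_start = None
        self.b_start = None
        self.fragments = {}
        self.total = None
        self.held = []

    def _fail(self):
        # Step 215: owner check failed, so shut the gates and discard everything.
        self._reset()
        self.blocked = True
        return "BLOCKED", []

    def _parse_fragment(self, payload):
        # Assumed layout: MARKER | index (1 byte) | total (1 byte) | chunk
        head = len(MARKER)
        if len(payload) < head + 2 or not payload.startswith(MARKER):
            return None
        index, total = payload[head], payload[head + 1]
        if total == 0 or index >= total:
            return None
        return index, total, payload[head + 2:]

    def receive(self, payload, now):
        """Handle one packet (201); return (action, packets released to unit 17)."""
        if self.blocked:
            return "BLOCKED", []
        # Steps 202/203: a still-valid authentication passes the packet on (219).
        if self.authenticated_at is not None and now - self.authenticated_at <= self.validity:
            return "FORWARD", [payload]
        self.authenticated_at = None
        if self.a_start is None:  # steps 204/205: first packet starts A time
            self.a_start = now
        a_expired = self.b_start is None and now - self.a_start > self.a_limit
        b_expired = self.b_start is not None and now - self.b_start > self.b_limit
        if a_expired or b_expired:  # steps 207/208: timed out, start over
            self._reset()
            return "TIMEOUT", []
        fragment = self._parse_fragment(payload)
        if fragment is None:  # step 206: ordinary data, held until authenticated
            self.held.append(payload)
            return "HOLD", []
        if self.b_start is None:  # step 209: first fragment starts B time
            self.b_start = now
        index, total, chunk = fragment
        if self.total is None:
            self.total = total
        if total != self.total:  # inconsistent fragments count as a failed check
            return self._fail()
        self.fragments[index] = chunk  # step 211: combine fragmented data
        if len(self.fragments) < self.total:
            return "HOLD", []
        candidate = b"".join(self.fragments[i] for i in range(self.total))
        # Steps 213/214: constant-time comparison with the stored owner check data.
        if not hmac.compare_digest(candidate, self.owner_check_data):
            return self._fail()
        released = self.held
        self._reset()  # step 218
        self.authenticated_at = now
        return "FORWARD", released  # step 219
```

Time is passed in explicitly so the A time, B time and expiry branches can be exercised deterministically.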
  • Within the range of the predetermined time, it is detected whether the amount of data (number of packets) received within the network is an abnormal amount (exceeds the predetermined packet value within a predetermined time).
  • a server attack can be prevented and an abnormal situation can be notified to the management server 23.
  • a terminal such as an IoT device needs to be accommodated in a very small terminal in which, for example, a space for storing a key, a ticket or the like has a small capacity, or a function and a memory that are necessary, or less than a storage amount corresponding to the amount. In this case, the interruption of the network connection is more effective for notifying the management server of the abnormality while reducing the number of necessary devices.
  • the sensor output of the sensor unit 19 is supplied to the signal processing unit 17, but is also supplied to the AD converter 19a.
  • the sensor analog data is converted into digital data and supplied to the outlet processing unit 11b.
  • the outlet processing unit 11b measures characteristic data in the sensor unit data with time.
  • The characteristic data is, for example, time data when noise is added to the signal due to the movement of the electrode and sensor. This time data is either synchronized with the time when the sensor data is processed by the signal processing unit 17, or recorded together with time data so that it is known when it occurred.
  • The signal processing unit 17 may delete the data. However, since there is a case where recording is performed over time, data indicating no data at that time may be output from the signal processing unit 17. For example, in the case of heart rate data, data and time indicating the phenomenon when the heart rate is lower or higher than normal are recorded. Further, when the sensor unit 19 outputs a normal output stably without any fluctuation, data indicating that the data is stable at a predetermined time interval is recorded. This event data and event time data indicating the occurrence time of this event data are accumulated.
  • the signal processing unit 17 transmits data to, for example, the management server 23, data to be transmitted in advance is transmitted, and a data supply path to the exit control unit 11b is formed.
  • When transmitting the sensor data of the sensor unit 19 to the management server 23 or the like, the signal processing unit 17 outputs output packet data including data for transmission to the exit control unit 11b via the transmission / reception unit B17b, and the exit control unit 11b receives the packet data for transmission (301).
  • the exit control unit 11b confirms whether event data and event time data are input (309).
  • The exit gate 14 may be blocked so that packet data including data in the payload in the packet is not output to the input / output unit 15, but where the payload does not particularly include data, for example no sensor data, it may in some cases be output.
  • the exit control unit 11b searches and detects whether or not additional data is included in the output packet data (309).
  • Match indicates that the data match or that there is no data between the event time data (deleted because of noise), and the approximate match indicates that the different time width is within the specified width, or a state where the degree of the event is within a predetermined width.
  • “Approximation” indicates a case where there is a coincidence or almost no coincidence but the possibility exists at a predetermined ratio.
  • the predetermined ratio varies in advance depending on the sensing target. For example, in the case of a heart rate, the event time data as an occurrence time may be slightly different, but may be the same due to the possibility of heart disease.
  • Applicable indicates, for example, a case where the IoT device detects data indicating a similar phenomenon in which a biological signal has a specific individual difference in a specific time, phenomenon, and output mode.
  • The additional data is stored in the additional signal output unit 17a, and includes data indicating sensor data processed in the first, intermediate, or last packet when the control processing unit 17 tries to transmit data. It is digital data, or digital data to be converted into analog data.
  • This data is preferably data specific to the signal processing unit 17, and other than the measured data, it belongs to the type of data output by the sensor, and it is obvious that the sensor cannot measure whether critical data is unknown. Data that is known to be unique to each other is exemplified.
  • the data in the case of converting to analog data is digital data from which analog data indicating the value is obtained when the digital signal is D / A converted.
  • time-series operation data direct data
  • The transmission data is compared with this time-series operation data, and it may be determined whether there is a match, a mismatch, or approximate data.
  • an owner check authentication step is activated (303).
  • the exit control unit 11b inputs the data to the D / A converter, and then inputs the obtained analog data to the comparator 12a in which a predetermined threshold is set.
  • When the output of the comparator 12a changes from high to low or from low to high, the value is shown to be owner-created data and the owner is permitted (yes).
  • the egress gate is blocked, or at least the packet including data in the payload is not output to the outside (306).
  • When the exit gate is blocked, the terminal icon becomes invisible on the network, and thus there may be a case where an abnormality can be indicated to the management server 23.
  • If the owner permission is given in step 304 (yes), if the event data and the event time data are compared, a part of the preset authentication data is written in the margins of the plurality of subsequent output packets.
  • The received packet data is instructed to the signal processing unit 17. In the case of authentication by additional data, this additional data is deleted from the output packet (305), and packet data in which a part of preset authentication data is written in the margins of the plurality of subsequent output packets is instructed to the signal processing unit 17 (307).
  • Step 305 may be unnecessary when comparing sensor data output from the signal processing unit 17 with event data temporarily stored in the exit control unit 11b.
  • time-series operation data it may be converted into authentication data stored in advance.
  • this additional data is replaced with another authentication data or deleted by conversion or the like, so that the authentication data (additional signal) is not leaked to the outside.
  • confidentiality increases it can be used as new authentication data.
  • the output packet data in which the authentication data is embedded is transmitted to the input / output unit 15 (308).
  • The input / output unit 15 modulates the packet data, amplifies the power, etc., puts it into a state enabled for wireless output, and outputs it to the antenna 16.
  • Packet data output from the antenna 16 is received by the wireless router 22 and transmitted to the management server 23 via the network 24.
  • the management server 23 separates and extracts the owner authentication data from the received packet data, and verifies whether the data is from a legitimate terminal.
  • the owner authentication data divided and embedded in the packet is input to the DA converter, for example, like the additional data, and then compared with the threshold value by the comparison unit to confirm that it is the true authentication data.
  • a configuration may be used. Since IoT devices handle analog data, microcomputers with built-in AD converters and DA converters, FPGAs, and CPLDs are used, and the configuration can be simplified by performing authentication using analog data. Even if an IoT device is infected with a computer virus by a control unit that is automatically separated and is controlled by a malicious program, the connection with the outside is controlled based on the authentication data, so that the influence of the computer virus can be cut off.
  • an executable computer virus is not formed in the signal processing unit, so that it is possible to block attacks from the outside.
  • When the signal processing unit 17 tries to transmit data to the outside, such as to the management server 23, the data is checked in advance by the exit control unit 11b, which confirms that the sensor data is authentic by collating event data or the like. If it is authenticated, the fact is transmitted to the signal processing unit 17, and the signal processing unit 17 transmits this sensor data to the management server 23 via the exit gate 14.
  • When a protocol that allows communication only between the exit control unit 11b and the signal processing unit 17 is used, the exit control unit 11b receives the packet data output from the signal processing unit via the exit gate 14. After the inspection, the additional signal may be deleted, packet data with new authentication data added may be created, and this may be transmitted from the exit control unit 11b to the management server 23. In this case, it is preferable that the IP address of the exit control unit 11b is registered in the management server 23. However, in the case of encryption or the like, registration may not be necessary because the decryption process is authenticated.
  • the signal processing unit 17 transmits only sensor data, the exit control unit 11b transmits authentication data, and the management server 23 authenticates using both to acquire authentic data.
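The exit-side collation described above, in which the exit control unit 11b records event data and event time data from its own view of the sensor and compares them with what the signal processing unit 17 tries to send, as an added Python example that is not code from the patent. The heart-rate thresholds, the time and value widths and all names are assumptions, and the samples in the comments are constructed.

```python
def extract_events(samples, low=50, high=120):
    """Return [(time, kind, value)] for each transition out of the normal range.

    samples is a list of (time_in_seconds, heart_rate); thresholds are assumed.
    """
    events, previous = [], "normal"
    for t, bpm in samples:
        kind = "low" if bpm < low else "high" if bpm > high else "normal"
        if kind != "normal" and kind != previous:
            events.append((t, kind, bpm))
        previous = kind
    return events


def collate(sent, recorded, time_width=2.0, value_width=5):
    """Classify outgoing events against the independently recorded ones.

    "match": same events at the same times (including no events on either side).
    "approximate": same kinds, with time and degree inside the given widths.
    "mismatch": anything else.
    """
    if len(sent) != len(recorded):
        return "mismatch"
    exact = True
    for (ts, ks, vs), (tr, kr, vr) in zip(sent, recorded):
        if ks != kr or abs(ts - tr) > time_width or abs(vs - vr) > value_width:
            return "mismatch"
        if ts != tr or vs != vr:
            exact = False
    return "match" if exact else "approximate"


class ExitControl:
    """Model of the exit control unit and exit gate; hypothetical names."""

    def __init__(self, authentication_data):
        self.authentication_data = authentication_data
        self.recorded = []
        self.gate_open = True

    def observe(self, samples):
        # Digitized sensor output reaching the exit control unit directly,
        # without passing through the signal processing unit.
        self.recorded = extract_events(samples)

    def check_outgoing(self, samples):
        """Return (result, packet); packet is None when nothing may leave."""
        if not self.gate_open:
            return "blocked", None
        result = collate(extract_events(samples), self.recorded)
        if result == "mismatch":
            self.gate_open = False  # step 306: block the exit gate
            return result, None
        # Step 307: authenticated sensor data leaves with authentication data attached.
        return result, {"sensor": samples, "auth": self.authentication_data}


# Constructed heart-rate series: one high event at t=2 and one low event at t=5.
OBSERVED = [(0, 72), (1, 75), (2, 130), (3, 128), (4, 80), (5, 45), (6, 70)]
# Same episode reported one second later with a slightly different peak.
SHIFTED = [(0, 72), (1, 75), (2, 118), (3, 128), (4, 80), (5, 45), (6, 70)]
# Series with both events removed, as a compromised program might report.
FLATTENED = [(t, 72) for t in range(7)]
```

Because the recorded events come from a path the signal processing unit cannot write to, data that has been altered between the sensor and the exit gate shows up as a mismatch and closes the gate.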
  • reference numeral 40a denotes an entrance / exit control device, which is a part for transmitting and receiving data from the outside.
  • Reference numeral 40b denotes a sensor data processing unit that converts the sensor output signal into digital data and outputs the digital data to the transmission / reception unit B410 that performs near-field transmission / reception using infrared and radio waves as a medium.
  • Reference numeral 401 denotes a control unit, which is composed of a microcomputer including the DA converter and AD converter shown in FIG. 1, FPGA, CPLD, other SoC, etc., and performs an owner authentication operation. It also has a means for separating and forming program data from packet data transmitted from the outside, and a means for transmitting sensor data output from a sensor terminal to the outside as packet data including authentication data.
  • Reference numeral 402 denotes an authentication sensor unit that includes the comparator circuit shown in FIG. 1 and stores authentication data and the like in advance.
  • The authentication sensor unit includes an analog-to-digital converter such as a photocoupler including a specific sensor, converts an input analog signal into an optical signal, converts it into an electrical signal again, and the analog electrical signal at that time may be converted into a digital signal.
  • the authentication sensor unit includes, for example, an optical element or the like that previously captures a part having poor conversion efficiency for each wavelength spectrum of light that is not rated, and an analog that outputs the wavelength of the part with low conversion efficiency.
  • the authentication may be performed by digital authentication data that can be converted into a signal.
  • This authentication sensor unit functions in the same manner as the sensor unit 409 and sometimes measures the same part. By performing the same measurement, two indirect interface data are formed and compared, and an owner check may be possible.
  • Reference numeral 403 denotes a gate unit, which includes the entrance gate and the exit gate shown in FIG. 1, and has a configuration capable of blocking or regulating data when an abnormal signal is input / output.
  • Reference numeral 404 denotes an input / output unit, which includes a modulation unit for transmitting / receiving data in a desired frequency band, a demodulation unit, a power amplification circuit for transmitting / receiving packet data from an antenna, and the like.
  • 405 is an antenna for transmitting and receiving wireless packet data for wireless communication.
  • Reference numeral 406 denotes a transmission / reception unit A, which is configured as an input / output device for using a medium such as an inductor for Bluetooth (registered trademark), infrared (LED, phototransistor), direct Wi-Fi, or ZigBee (registered trademark).
  • the transmission / reception unit A406 may be used in combination with the antenna 405 or may be used via a network.
  • Reference numeral 407 denotes a signal processing unit, which is composed of a microcomputer, FPGA, CPLD, or other SoC (System-on-a-chip) that constitutes an IoT device, and digitally converts sensor signal data from the sensor unit 409.
  • the sensor digital data is temporarily or continuously stored in the memory of the storage unit 408, and programs such as OS and applications stored in the storage unit 408 are read and executed.
  • Reference numeral 407a denotes an additional signal output unit for outputting an additional signal to an arbitrary part when sensor data or the like is output from the signal processing unit 407.
  • Reference numeral 409 denotes a sensor unit
  • 408 denotes a storage unit, which has the same configuration as in FIG. 1, but transmits event data and event time data from the sensor data to the control unit 401 for authentication.
  • an AD converter (not shown) is provided, and after being converted into digital data by this AD converter, it is transmitted to the transmission / reception unit B410.
  • the sensor output of the sensor unit 409 is connected to the transmission / reception unit B410 and transmits a sensor digital signal to the control unit 401.
  • Reference numeral 410 denotes a transmission / reception unit B, which can communicate with the same configuration as the transmission / reception unit of the entrance / exit control device 40a.
  • Reference numeral 41 denotes a wireless router capable of wireless communication, and in some cases, a router having a gateway function for connecting to other networks is exemplified. Data is transmitted and received using radio waves of several MHz to several tens of GHz as the wireless medium 41a.
  • Reference numeral 42 denotes a network, which is mainly exemplified by the Internet, but may include a local area network and other mobile phone networks.
  • Reference numeral 43 denotes an administrator server for normally managing IoT devices.
  • The transmission data is transmitted via the network 42 and the wireless router 41 and received at the antenna 405. Since the data is packet-type data using the TCP / IP protocol, transmission and reception are alternately performed. However, for the sake of explanation, explanation is limited to data input.
  • the entrance / exit control device 40a has a configuration in which an IP address is automatically or fixedly assigned as a substitute for the sensor unit.
  • the data input to the input / output unit 404 is packet data cut to 1500 bytes or less, and this packet data is supplied to the control unit 401 via the gate unit 403.
  • The control unit 401 combines the divided program data described and embedded in the payload in the packet data, and performs the operation of detecting the authentication data, mainly from the payload part of the packet data, and stitching it together.
  • the authentication data and the upload data may be written together in a state separated by a space or the like, or may be incorporated into different packets.
  • the control unit 401 transmits the authentication data to the authentication sensor unit 402 and compares it with the authentication data stored in advance to determine whether it is legitimate data.
  • the analog signal may be input to the DA converter and converted into an analog signal, and this may be judged by an analog detection device such as a comparator as described in the operation of FIG.
  • When the data input by the control unit 401 can be authenticated as legitimate data based on the determination signal output from the authentication sensor unit 402, it is sent to the signal processing unit 407 via the transmission / reception unit A406 and the terminal transmission / reception unit B410. Upon receiving this data, the signal processing unit 407 stores the data in the storage unit 408 and automatically executes the reception program as necessary.
  • the sensor data of the sensor unit 409 is converted into a digital signal and then transmitted to the control unit 401 via the transmission / reception unit B410 and the transmission / reception unit A406.
  • the control unit 401 detects event data and event time data from the sensor data, and temporarily records them.
  • the event data may be one or more, but it may be preferable depending on the type of sensor that event data is detected within a time interval.
  • When the signal processing unit 407 transmits the sensor data output from the sensor unit 409 to the management server 43, the sensor data transmitted from the signal processing unit 407 is collated with the event data and the event time data. If there is data that matches or approximates, authentication is performed: authentication data is attached and sensor data is output to the management server 43. If not, the gate unit 403 is shut off, data transmission / reception is shut off, and the management server 43 is notified of the abnormality.
  • When performing authentication based on the additional data, when the signal processing unit 407 transmits the sensor data output from the sensor unit 409 to the management server 43, a transmission start signal indicating that the data is to be transmitted is output to the transmission / reception unit B410.
  • The transmission start signal is received by the control unit 401 via the transmission / reception unit A406, and, as a packet signal including the transmission source IP address (entrance / exit unit) and the transmission destination IP address (management server), is transmitted to the wireless router 41 via the gate unit 403, the input / output unit 404, the antenna 405 and the wireless medium (radio wave) 41a.
  • the signal processing unit 407 organizes the sensor data and forms it as transmission data, obtains the additional signal data from the additional signal output unit 407a, and transmits it to the control unit 401 together with the sensor data.
  • The control unit 401 separates the additional signal data from the received sensor data, and transmits this to the authentication sensor unit 402 or inputs the data to the built-in DA converter (shown in FIG. 1). After being converted to an analog signal, it is output to the authentication sensor unit 402. If it is determined that the additional signal is normally output from the signal processing unit 407, the authentication data composed of the additional signal or the authentication data adjusted in advance is divided or adjusted for packet transmission, and the sensor data is divided and adjusted into a packet signal format. The authentication data packet and the sensor data packet are identifiably combined and transmitted to the gate unit 403, and output to the antenna 405 through the gate unit 403 and the input / output unit 404.
  • the control unit 401 transmits the data to the gate unit 403.
  • a signal for shutting off the packet is output and the creation of packet data is interrupted.
  • The terminal disappears from the display showing the network configuration on the monitor screen of the network management computer of the management server 43, etc., so that the management server 43 can confirm that there is an abnormality in the IoT terminal.
  • Even when the control unit 401 is attacked, if there is no authentication data, a data blocking state is formed by the gate unit 403, so that the signal processing unit 407 is not affected and stable data communication can be carried out.
  • 50a is an authentication unit
  • 50b is an IoT terminal unit
  • Reference numeral 501 denotes a control unit including an AD converter, a DA converter, a Bluetooth (registered trademark) output, a microcomputer having a port for performing infrared output, an FPGA, a CPLD, and other SoCs. This is a unit that separates and extracts additional data and authentication data from input data and determines whether the data is legitimate. Further, the control unit 501 outputs an instruction signal to the instruction output unit 504 based on the determined content.
  • Reference numeral 502 denotes an authentication sensor unit, which has the same configuration as that shown in FIGS. 1 and 4, and includes authentication data input from the control unit 501, data for determining the authenticity of additional data, and Comparator circuits for determining authenticity are provided.
  • Reference numeral 503 denotes a transmission / reception unit A, which includes a Bluetooth (registered trademark) antenna, an infrared transmission / reception LED, a phototransistor, direct Wi-Fi, and the like.
  • Reference numeral 504 denotes an instruction output unit, which is composed of the same elements as the transmission / reception unit A503, and may be used together with the transmission / reception unit A503.
  • Reference numeral 505 denotes a signal processing unit, which is composed of an A / D converter, a D / A converter, a microcomputer equipped with an analog converter, FPGA, CPLD, and other SoCs as in FIGS. 1 and 4, and receives data from the sensor unit 506. This is for receiving, forming sensor data together with the additional data, further converting it into a packet signal and transmitting it to the input / output unit 511. Further, the signal processing unit 505 combines the packet data input from the outside with the transmission / reception unit B508, and then outputs it to the transmission / reception unit B508 without executing it.
  • 505a is an additional signal output unit for generating or previously storing an additional signal and outputting it to the signal processing unit 505 in the same manner as in FIG.
  • the additional signal is directly used as authentication data.
  • Reference numeral 506 denotes a sensor unit, which is provided with a target sensor and outputs an analog electric signal, similar to that shown in FIG. 1; in the case of performing comparative authentication using event data and event time data, the signal is converted into a digital signal by an AD converter and transmitted to the transmission / reception unit B508.
  • Reference numeral 507 denotes a storage unit, which is composed of a memory IC, a storage medium, a storage device, etc., similar to the one shown in FIG. 1, and is for temporarily or continuously storing an OS program, application program, and other sensor data.
  • Reference numeral 508 denotes a transmission / reception unit B, which has the same configuration as that of the transmission / reception unit A503.
  • Reference numeral 509 denotes an instruction input unit that receives an output from the instruction output unit 504 and converts it into instruction data. When the instruction output unit 504 is an infrared LED, the instruction input unit 509 is composed of a unit that receives infrared rays.
  • Reference numeral 510 denotes an instruction unit that forms and outputs a signal for stopping the transmission / reception operation of the input / output unit 511 based on instruction data transmitted from the instruction input unit 509. The instruction unit 510 transmits the executable instruction data to the signal processing unit 505 when the instruction data transmitted from the instruction input unit 509 is the executable instruction data of the program.
  • Reference numeral 511 denotes an input / output unit for modulating and demodulating packet data, and for blocking and stopping input / output of packet data to be transmitted / received based on an instruction from the instruction unit 510.
  • the packet data composed of the program data transmitted via the entrance processing network 52 is transmitted to the IP address provided in the IoT terminal unit 50b.
  • the transmitted packet data is received by the antenna 512 via the wireless router 51 and the wireless medium 51a such as radio waves.
  • the packet data input via the antenna 512 is demodulated by the input / output unit 511 and transmitted to the signal processing unit 505.
  • the signal processing unit 505 combines the program data and authentication data distributed in the packet data to generate one executable program.
  • the authentication data is distributed and stored in several places in the program data, or is distributed and described in other payloads, and each part is recorded with an identifiable code or recorded so as to be identified by a predetermined blank.
  • the authentication data may be either text data or binary data, and may be output to the transmission / reception unit B 508 by being combined with a blank or the like as it is.
  • the transmission / reception unit A 503 receives this data and transmits it to the control unit 501.
  • the control unit 501 completes the distributed authentication data by detecting and combining the data, and transmits the authentication data to the authentication sensor unit 502 as it is. In the case of binary data and data for DA conversion, it is sent to the DA converter, converted to an analog signal, and then input to the comparator circuit, where it is checked against the threshold value to confirm that it is legitimate data.
  • the fact is transmitted to the instruction output unit 504.
  • the instruction data of the instruction output unit 504 is received by the instruction input unit 509, and the executable instruction data is transmitted to the instruction unit 510.
  • the instruction unit 510 outputs an execution permission signal to the signal processing unit 505.
  • This execution permission signal is a signal “1” output to a specific digital input port; the program of the signal processing unit 505 recognizes this, and the signal processing unit 505 executes the program.
  • the instruction output unit 504 outputs a signal indicating that the data is not regular data to the instruction input unit 509, and the instruction input unit 509 outputs this signal to the instruction unit 510.
  • the instruction unit 510 outputs a signal to the input / output unit 511 to interrupt the transmission / reception path.
  • the input / output unit 511 blocks the transmission / reception path.
  • the management server 53 detects the interruption of data and confirms that there is an abnormality in the IoT terminal.
  • an erasure signal that is an execution non-permission signal is transmitted to another input port of the signal processing unit 505. Based on this signal, the signal processing unit 505 monitors the signal input to the other input port and erases the combined program data existing inside.
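
The entrance check described above for FIG. 5, as an added Python example that is not part of the patent text. It models packets whose program data carries authentication fragments in several places, recombines them, and decides between execution permission and erase-and-block. The `[[AUTH:index:hex]]` marker, the expected authentication value and the sample packets are assumptions constructed for this example.

```python
import hmac
import re

# Assumed "identifiable code" marking each authentication fragment inside the
# program data: [[AUTH:<index>:<hex bytes>]]. The page does not define the code.
FRAGMENT = re.compile(rb"\[\[AUTH:(\d+):((?:[0-9a-f]{2})*)\]\]")

# Constructed authentication data held in advance by the checking side.
EXPECTED_AUTH = b"owner-check-7f3a"


def split_payload(payload: bytes):
    """Separate one packet payload into program bytes and (index, fragment) pairs."""
    fragments = [
        (int(m.group(1)), bytes.fromhex(m.group(2).decode("ascii")))
        for m in FRAGMENT.finditer(payload)
    ]
    program = FRAGMENT.sub(b"", payload)
    return program, fragments


def process_packets(payloads):
    """Return (decision, program).

    'execute' models the execution permission signal; 'erase_and_block' models
    the erasure signal plus blocking of the transmission / reception path, and
    returns an empty program because the combined data is erased.
    """
    program_parts = []
    fragments = {}
    for payload in payloads:
        program, found = split_payload(payload)
        program_parts.append(program)
        for index, data in found:
            if index in fragments:
                # The same fragment index twice is treated as not legitimate.
                return "erase_and_block", b""
            fragments[index] = data
    # Combine the distributed fragments in index order; a missing index fails.
    if not fragments or sorted(fragments) != list(range(len(fragments))):
        return "erase_and_block", b""
    auth = b"".join(fragments[i] for i in range(len(fragments)))
    # Constant-time comparison against the stored authentication data.
    if not hmac.compare_digest(auth, EXPECTED_AUTH):
        return "erase_and_block", b""
    return "execute", b"".join(program_parts)


def sample_packets(auth: bytes = EXPECTED_AUTH):
    """Constructed packets: program text with three fragments placed out of order."""
    first, second, third = auth[:5], auth[5:11], auth[11:]

    def tag(index, fragment):
        return b"[[AUTH:%d:%s]]" % (index, fragment.hex().encode("ascii"))

    return [
        b"print('update " + tag(1, second) + b"step 1')\n",
        tag(2, third) + b"print('update step 2')\n" + tag(0, first),
    ]


if __name__ == "__main__":
    print(process_packets(sample_packets()))
    print(process_packets(sample_packets(b"owner-check-XXXX")))
```
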
  • the sensor data of the sensor unit 506 is converted into a digital signal and then transmitted to the control unit 501 via the transmission / reception unit B508 and the transmission / reception unit A503.
  • the control unit 501 detects event data and event time data from the sensor data, and temporarily records them in the internal memory.
  • the event data may be one or more, but it may be preferable depending on the type of sensor that event data is detected within a time interval.
  • the signal processing unit 505 transmits the sensor data output from the sensor unit 506 to the management server 53
  • the signal processing unit 505 compares the sensor data transmitted from the signal processing unit 505 with the event data and the event time data so as to agree with each other. If there is data that matches or approximates, authentication is performed. If there is data, authentication data is attached and sensor data is output to the management server 53. If there is no sensor data (if the sensor data is false), the instruction output unit 504 outputs a signal indicating that sensor data is not transmitted.
  • the instruction unit 510 outputs a signal indicating that sensor data is not transmitted from the signal processing unit 505 via the instruction input unit 509, or sends an input / output block signal to the input / output unit 511.
  • the management server 43 is notified of the abnormality.
  • the signal processing unit 505 transmits sensor data and additional signal data transmitted from the additional signal output unit 505a to the transmission / reception unit B508.
  • the sensor data and additional signal data output to the transmission / reception unit B508 are transmitted to the transmission / reception unit A503 and supplied to the control unit 501.
  • the additional signal data is transmitted to the authentication sensor unit 502 and collated with authentication data (additional signal data) stored in advance, or input to the DA converter and then compared with threshold data by a comparator circuit. If they match, a signal indicating that the signal is a normal signal is output to the instruction output unit 504 and transmitted to the instruction unit 510 via the instruction input unit 509.
  • the instruction unit 510 outputs a signal for permitting transmission to a specific port of the signal processing unit 505 and outputs a permission signal to a specific input port of the input / output unit 511.
  • the input / output unit 511 enables connection to the outside based on the permission signal. If the control unit 501 determines that the data is not normal, the control unit 501 outputs that fact to the instruction output unit 504 and outputs a signal indicating that the data is not normal to the instruction unit 510 via the instruction input unit 509.
  • the instruction unit 510 outputs an erasure signal to a specific input port of the signal processing unit 505, and the signal processing unit 505 erases the data.
  • the instruction unit 510 blocks the data transmission / reception path of the input / output unit 511 and notifies the management server 53 of the abnormality of the IoT terminal.
  • a configuration in which an authentication unit is used as an external unit centering on an IoT terminal is shown. By making this authentication unit easy to exchange, it is possible to perform authentication with a wider application range.
  • FIG. 6 shows an embodiment in which stable authentication is performed by making it difficult to perform external decryption when performing an owner check.
  • reference numeral 601 denotes a control unit, which is composed of a microcomputer and other SoCs, and has the same configuration as the embodiment shown in FIG.
  • Reference numeral 601a denotes a transmission / reception unit A, which includes an LED, an infrared LED, an antenna, a phototransistor, and the like.
  • Reference numeral 602 denotes an entrance gate, which is formed of an SoC device capable of preventing data transmission / reception, such as a bus switch, an analog switch, a relay switch, a logic digital switch, or an IC chip that can turn data transmission on / off.
  • 603 is an exit gate, which is formed of hardware switches similar to the entrance gate 602.
  • Reference numeral 604 denotes an XOR (exclusive OR) gate.
  • 605 is a sequence generator A, which outputs a discontinuous numerical value or an array of binarized data arranged in a predetermined number.
  • Reference numeral 606 denotes a sequence generator B
  • reference numeral 607 denotes a sequence generator C, which has a configuration similar to that of the sequence generator A 605 and outputs sequence data of different patterns.
  • This numerical sequence is displayed as a binary data sequence in the case of binary data and in the case of hardware processing.
  • Reference numeral 60a denotes a selector for selecting a combination of the sequence generator A605, the sequence generator B606, and the sequence generator C607, and performs selection by inputting a selection signal.
  • When the selection signal is BCA, the sequence generator B606 is output for a predetermined time, then the sequence generator C607 is output for a predetermined time, then the sequence generator A605 is output for a predetermined time; these are output to one signal path by the OR gate 60b and output to the XOR gate.
  • the predetermined time is a preset time and is adjusted according to the sizes of the additional data and the authentication data.
  • the sequence generators A605 to C607 are preferably sequence generators based on text data.
  • Reference numeral 60b denotes an OR gate, which is composed of a CMOS, TTL, and general-purpose logic IC having three input terminals, adds three digital signals, and converts them into one digital signal.
  • Reference numeral 608 denotes a DA converter, which is a unit (circuit) that converts a digital signal into an analog signal.
  • the DA converter may be used.
  • Reference numeral 609 denotes an authentication device, which is connected to the output of the DA converter 608 or the XOR (exclusive OR) gate 604 and compares the decrypted authentication data with previously stored authentication data; the output value is compared and checked against a threshold value.
  • the authentication device 609 is for outputting the result of comparison or verification to the control unit 501.
  • 610 is an input / output unit that is a circuit for performing modulation, demodulation, and power amplification for wireless communication.
  • Reference numeral 611 denotes an antenna, which includes a conductive member, a coil, and the like that transmit and receive modulated data in a predetermined frequency band.
  • a signal processing unit 612 includes an AD converter, a DA converter, Bluetooth (registered trademark), an infrared transmission / reception port, and has a configuration similar to that of FIG. Data for combining additional data is converted into packet data and output.
  • Reference numeral 612a denotes an additional data output unit, which is formed of analog or digital data including the content that it is regular output data, and has the same configuration as that shown in FIG.
  • the additional data output unit 612a may store the content of data in the storage unit 614 in advance, and may be read and used when necessary.
  • a transmission / reception unit B 612b includes a phototransistor, a CDS, a photodiode, an antenna, and the like.
  • the transmission / reception unit B 612b performs transmission / reception of data using a wireless medium 601a1 such as infrared rays and radio waves in one set with the transmission / reception unit A.
  • Reference numeral 613 denotes a sensor unit, which has the configuration shown in FIG. 1.
  • analog data indicating a temperature value is output, converted into a digital signal by an AD converter built in the signal processing unit 612 or by an independent AD converter, and the digital signal is output.
  • Reference numeral 614 denotes a storage unit which is composed of a digital memory and stores an OS program, an application program, and the like, and temporarily or continuously stores digital data output from the sensor in a binary format or a text format.
  • the sensor analog data output from the authentication sensor unit 613 based on the exit processing event data and the event time data is converted into digital data by an AD converter (not shown), and then transmitted to the control unit 601. Event data and event time data are detected and stored temporarily.
  • the signal processing unit 612 intends to transmit sensor data to the management server 64
  • the sensor data is transmitted to the control unit 601 via the transmission / reception unit B 612b and the transmission / reception unit A 601a in advance, and matches the event data and event time data. Authenticate whether there is a match, approximation, or applicable part.
  • a transmission permission signal is output from the control unit 601 to the transmission / reception unit A 601a.
  • the signal processing unit 612 transmits sensor data to which additional data (data that can be converted into an already authenticated authentic analog signal) is added to the exit gate 603.
  • the signal processing unit 612 intends to transmit sensor data or the like to the outside, the additional data is combined with the sensor data, and the packetized data is output in the direction of the transmission / reception unit 612b.
  • the transmission / reception unit 612b transmits the packet data to the control unit 601 via the transmission / reception unit 601a.
  • the control unit 601 outputs the received additional data to the DA converter 608.
  • the additional data input to the DA converter 608 is converted into an analog signal, compared with the threshold value by the comparator circuit of the authentication device 609, and the result is output to the control unit 601.
  • the control unit 601 forms a combined composite number sequence data by combining the output number sequences of the number sequence generator A605 to the number sequence generator 607 by combining the additional data with the selector 60a based on the number sequence selection signal by an OR gate.
  • the additional data is encrypted by the XOR gate 604, and the encrypted additional data and the sequence selection data are combined, and then transmitted from the transmission / reception means A601a to the signal processing unit 612 via the transmission / reception means B612b.
  • the signal processing unit 612 again creates packet data in which the encrypted additional data and the selection data are embedded, and outputs the packet data to the input / output unit 610 via the exit gate 603.
  • the exit gate 603 is shut off and the management server 64 is notified of the abnormality.
  • additional data (additional signal data) is combined with sensor data, and authentication signal processing unit 612 in the case where there is no authentication by event data or the like intends to transmit sensor data or the like to the outside
  • the additional data is In combination with the data
  • the packetized data is output in the direction of the transmission / reception unit 612b.
  • the transmission / reception unit 612b transmits the packet data to the control unit 601 via the transmission / reception unit 601a.
  • the control unit 601 outputs the received additional data to the DA converter 608.
  • the additional data input to the DA converter 608 is converted into an analog signal, compared with the threshold value by the comparator circuit of the authentication device 609, and the result is output to the control unit 601.
  • the control unit 601 ORs the output sequence of the sequence generator A605 to the sequence generator 607 in which this additional data is combined by the selector 60a based on the sequence selection signal.
  • the combined composite number sequence data and the additional data are encrypted by the XOR gate 604 and the encrypted additional data and the sequence selection data are combined, and the transmission / reception means A 601a to the transmission / reception means B 612b are combined.
  • the signal processing unit 612 again creates packet data in which the encrypted additional data and the selection data are embedded, and outputs the packet data to the input / output unit 610 via the exit gate 603.
  • the input / output unit 610 modulates this, outputs it wirelessly from the antenna 611, and transmits it to the wireless router 62 via the wireless medium 62a.
  • the sensor data that has reached the wireless router 62 is transmitted to the management server 64 via the network 63.
  • the management server 64 has the configuration shown in FIG. 6, separates and extracts the encrypted authentication data and selection data, selects C from the sequence generators A to C based on the selection data, and combines them with an OR gate.
  • the encrypted additional data is restored by inputting the sequence data and the encrypted additional data to the XOR converter, and is input to the DA converter and the authentication device; whether the data is legitimate data is determined from the result.
  • the control unit 601 blocks the exit gate 603. Due to this blocking, the management server 64 can notice an abnormality because the packet data communication is blocked.
  • An executable data packet such as an update program is transmitted from the management server 64 or the like via the entrance processing network 63, and the packet data includes encrypted authentication data and sequence generator selection data.
  • the wireless router 62 modulates this data packet with a carrier wave and outputs it wirelessly, and the antenna 611 receives it via the wireless medium 62a.
  • the modulated packet data received by the antenna 611 is demodulated by the input / output unit 610 and transmitted to the control unit 601 through the entrance gate 602.
  • the control unit 601 extracts the encryption authentication data from the demodulated packet data, extracts selection data for selecting the sequence generator, and inputs the selection data to the selector 60a.
  • the selector 60a generates a composite number sequence by combining the generated data of the number sequence generator by the OR gate 60b in the order based on the selection data.
  • the composite number sequence data and the encrypted authentication data are input to the XOR gate 604 to be decrypted, and the decrypted authentication data is input to the DA converter 608. The composite number sequence data used at the time of encryption and decryption is synchronized.
  • the DA converter 608 converts the input digital signal into an analog signal, which is input to the comparator circuit of the authentication device 609 and compared with a threshold value.
  • the authentication device 609 transmits the data to that effect to the control unit 601, and the control unit 601 transmits the packet data to the signal processing unit 612 via the entrance gate 602.
  • When packet data is transmitted again to the signal processing unit 612, it takes time and communication may be hindered. Therefore, packet data is transmitted to the signal processing unit 612 and the control unit 601 at the same time.
  • the signal processing unit 612 combines the divided data to form executable program data, and it is preferable that the drive (execution) be performed based on an execution permission signal input to the transmission / reception means B 612b or a signal from the control unit 501.
  • the control unit 501 blocks the input gate 602 and the input / output unit 610. By this interruption, the management server 64 can notice that an abnormality has occurred in the IoT terminal. Further, when packet data and program data obtained by combining the packet data have already been transmitted to the signal processing unit 612, command data for deleting them is transmitted via the transmission / reception unit A601a. The signal processing unit 612 receives this command data signal via the transmission / reception unit B 612b, and deletes the packet program and the combined program based on the command data.
  • the stream cipher method using an XOR (exclusive OR) gate is very simple and can form a strong encryption system. Making this a circuit device reduces the burden on the IoT device, which is preferable in that an owner check using authentication data can be realized.
  • Although a combination method that forms several random number generators and combines them to form random number data was used, the invention is not restricted to this; since the size of the authentication data and additional data is small, a single random number generator may also be fully usable.
  • the input random numbers are synchronized during encryption and decryption.
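
The selector, OR gate and XOR gate arrangement of FIG. 6, modelled end to end as an added Python example that is not part of the patent text. The generator contents (SHA-256 over a constructed text plus a counter), the stored authentication data and the packet framing (selection data, `|`, encrypted data) are assumptions made for this example; the comparison against stored authentication data stands in for the DA converter and comparator path.

```python
import hashlib
import hmac

# Constructed generator contents: the page only says each generator outputs a
# predetermined sequence, preferably based on text data. Both ends hold them.
GENERATOR_TEXT = {
    "A": b"constructed text for sequence generator A",
    "B": b"constructed text for sequence generator B",
    "C": b"constructed text for sequence generator C",
}

# Constructed authentication data stored in advance on the verifying side.
STORED_AUTH_DATA = b"REGULAR-OUTPUT-0001"


def generator_output(name: str, length: int) -> bytes:
    """One generator's sequence (assumption: SHA-256 over text plus a counter)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = GENERATOR_TEXT[name] + counter.to_bytes(4, "big")
        out += hashlib.sha256(block).digest()
        counter += 1
    return bytes(out[:length])


def composite_sequence(selection: str, data_len: int) -> bytes:
    """Selector 60a and OR gate 60b: each selected generator drives the single
    signal path for one time slot, in the order given by the selection signal."""
    if not selection or any(g not in GENERATOR_TEXT for g in selection):
        raise ValueError("unknown sequence generator in selection signal")
    # The slot length (the "predetermined time") is sized to the data.
    slot = -(-data_len // len(selection))  # ceiling division
    merged = b"".join(generator_output(g, slot) for g in selection)
    return merged[:data_len]


def xor_gate(data: bytes, sequence: bytes) -> bytes:
    """XOR gate 604: the same operation encrypts and decrypts."""
    if len(data) != len(sequence):
        raise ValueError("sequence is not synchronized with the data length")
    return bytes(d ^ s for d, s in zip(data, sequence))


def build_packet(additional_data: bytes, selection: str) -> bytes:
    """Sender side: encrypt the additional data and attach the selection data."""
    sequence = composite_sequence(selection, len(additional_data))
    return selection.encode("ascii") + b"|" + xor_gate(additional_data, sequence)


def check_packet(packet: bytes) -> str:
    """Receiver side: 'permit' keeps the gate open, 'block' shuts it."""
    selection_raw, separator, encrypted = packet.partition(b"|")
    if not separator:
        return "block"
    try:
        selection = selection_raw.decode("ascii")
        sequence = composite_sequence(selection, len(encrypted))
    except (UnicodeDecodeError, ValueError):
        return "block"
    decrypted = xor_gate(encrypted, sequence)
    # Constant-time comparison with the previously stored authentication data.
    return "permit" if hmac.compare_digest(decrypted, STORED_AUTH_DATA) else "block"


if __name__ == "__main__":
    packet = build_packet(STORED_AUTH_DATA, "BCA")
    print(check_packet(packet))                   # synchronized selection
    print(check_packet(b"ABC|" + packet[4:]))     # receiver out of sync
```

Because the selection data travels with the packet, the secrecy of the scheme rests on the generator contents alone, and the same selection always yields the same composite sequence for a given data length.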
  • reference numeral 70 denotes an inspection unit, which includes a temperature, humidity, barometric pressure, illuminance, noise, body temperature, electrocardiogram, other sensors, a target sensing unit in a television, a digital camera, a digital audio player, an HD recorder, and the like.
  • a control unit for owner check is combined.
  • It is composed of a custom small and ultra-small single board computer having a CPU, GPU, onboard memory, CFAST, CF, SD, USB memory, mSATA and other memory, and IO ports such as GPIO and serial ports such as UART and RS232C, and is configured as an independent terminal or as an attached terminal that is used by connecting to a USB socket of a PC (personal computer).
  • Reference numeral 701 denotes a signal processing unit, which includes a CPU, GPU, FPGA, CPLD, and other memory as described above, and operates by software or hardware logic.
  • the signal processing unit 701 has a function of transmitting the sensor signal sent from the synthesis unit 709 to the center server 73, and also has a function of processing this and transmitting data to other IoT terminals.
  • a signal including a schedule signal or a signal that is separately distinguished is output to the input / output unit, or at least only the separated schedule signal is output to the control unit 707.
  • Reference numeral 702 denotes a sensor unit, which performs the desired sensing (temperature, humidity, atmospheric pressure, illuminance, noise, body temperature, electrocardiogram, other sensors, or sensing in a television, a digital camera, a digital audio player, an HD recorder, etc.) and outputs the result as an analog signal.
  • Reference numeral 703 denotes an additional unit, which is composed of a computer such as a PIC microcomputer, an ASIC such as FPGA and CPLD, and outputs scheduled feature signals.
  • a noisy signal is generated by the request signal from the signal processing unit 701 for the time schedule data and the signal output from the sensor unit 702 having the time schedule, and the time schedule signal is generated by the signal processing unit 701 or the control unit.
  • the additional unit 703 stores at least a plurality of schedules and random numbers, is connected to the signal processing unit 701 for a predetermined period, and schedule setting is performed.
  • the predetermined period is a period from the reset until the first external input via the network, and is a period in which a schedule can be set.
  • the signal output from the additional unit 703 is a kind of scheduled noise signal, and the frequency band is preferably narrow enough to be removed by a filter, and is preferably separated from the frequency band of the analog signal output from the sensor unit 702. However, signals that can be easily separated are preferred.
  • the schedule signal is preferably a narrow band pulse signal that can be easily removed by filtering, whose amplitude value, pulse interval, and pulse amplitude are output at predetermined times; data is created in which the pulse interval, pulse width, and pulse amplitude are time-scheduled.
  • a digital schedule such as a change in position coordinates and a luminance value is exemplified.
  • Reference numeral 704 denotes a storage unit A, which mainly stores an OS program, an application program, and the like, and is further controlled by a switch for manually enabling / disabling writing, a transistor for enabling / disabling writing by an electric signal, and a switch such as an FET relay. It has a configuration.
  • a write-enabled state can be enabled by an external operation, but preferably includes both a hardware switch and a software switch. When both of these switches are protected on, complete protection is performed.
  • The software switch is, for example, in Windows, the state where volume protection is enabled with uwfmgr.exe, and in Linux, read-only conversion performed by a combination of OverlayFS, UnionFS, or aufs + fsprotect.
  • Hardware protection is exemplified by a setting that outputs a Disable signal to the write terminal. Commercially available examples include CFast-type memory with a hardware protection switch attached to the case (made by CUCTUS) or with a write prohibition switch attached to the accompanying reader, and USB memory with a write-protect switch (Buffalo, etc.). By mounting both of these protections, it is possible to form a complete read-only configuration that compensates for security holes in the software protection.
  • a circuit that recognizes the state of protecting the writing of the SD card from the outside, such as an SD card, by the state of the switch on the side, and controls reading and writing may be used.
  • the storage unit 704 is preferably configured by software that does not perform long-term version upgrades such as the LTSB mode, but the control unit 707 releases the hardware protection switch configured by a relay circuit when performing an update or the like. After that, the reset signal processing unit 701 is in a clean state until external processing is performed, and an instruction signal is sent from the control unit 707 to the signal processing unit 701, and the signal processing unit 701 releases the software protection. It is preferable to start the process module.
  • the signal processing unit 701 and the control unit 707 are preferably configured so that they can be connected until the signal processing unit 701 communicates with the outside after the restart.
  • Reference numeral 705 denotes a storage unit B, in which data can be stored temporarily or continuously. Instead of the non-writable storage unit A704, data in a format that mainly does not affect the computer operation code is stored.
  • the format that does not affect the computer operation code is a format in which at least the signal processing unit 701 cannot be directly referred to at the time of startup and is not read at startup, such as text, jpeg, exe, dll, etc. However, at least as it is, the signal processing unit 701 is always started in a predetermined process at the time of starting, but at that time, it is stored in a state where it cannot be referred to (for example, placed in a folder, a compressed folder or the like).
  • Reference numeral 706 denotes an input / output unit, which is formed by a router, a wireless LAN unit called an access point, or the like.
  • Reference numeral 707 denotes a control unit, which is formed of the same computer as the signal processing unit 701.
  • the control unit 707 outputs a reset signal to the signal processing unit 701 and inputs data at a predetermined time of the control unit 701.
  • Reference numeral 708 denotes an antenna, which is made of, for example, a conductive member used in WiFi or the like.
  • the electromagnetic wave communication of WiFi is used.
  • other transmission media such as infrared rays
  • a light emitting diode or the like is applicable.
  • Reference numeral 709 denotes a synthesis unit, which is composed of a computer, FPGA, CPLD, etc., and synthesizes analog output signals or digital output signals of the sensor unit 702 and the additional unit 703.
  • the composition is exemplified by operations such as OR, AND, and XOR.
  • Reference numeral 71 denotes a relay terminal, 72 denotes a network such as a wired or wireless Internet or an intranet, and 73 denotes a center server formed in a cloud format for managing and controlling the terminal.
  • the relay terminal 71 includes a modem, an access point router, and the like, and is connected to a network 72 such as the Internet.
  • the center server 73 is exemplified by a server for unattended operation or manned operation in the position of obtaining information from the IoT terminal, performing processing according to the purpose, and managing transmission of command data.
  • Reference numeral 71a denotes a transmission medium, which indicates a LAN cable if wired, or an electromagnetic wave, laser light, infrared light, visible light, etc. if wireless.
  • the signal processing unit 701 reads and executes the program in the storage unit A 704. Since the storage unit A 704 is in a Read Only state and is executed while the initial state is maintained, a clean state is always formed at startup. Limited transmission / reception with the control unit 707 may be performed during this clean state. For example, updating or correction of a program such as an OS or an application stored in the storage unit A 704 is performed. Note that it is preferable that the firmware program or the like forming the BIOS can be updated and corrected only at this time.
  • After activation, the signal processing unit 701 outputs a schedule signal creation instruction signal to the additional unit 703. After forming the schedule signal, the additional unit 703 outputs the schedule signal to the signal processing unit 701.
  • the parameters indicating the pulse interval, the pulse width, and the pulse amplitude are preferably different each time, and may have a periodicity equivalent to a random number.
  • the parameter data of the schedule signal created by the additional unit 703 is output to the signal processing unit 701.
  • the signal processing unit 701 outputs this parameter data to the control unit 707 from the time of restart until the first update with the outside.
  • In the control unit 707, this data is preferably stored in a flash memory such as eMMC, RAM, etc. only during the period when it is used, and is overwritten and deleted when new schedule parameter data is sent.
  • the data indicates to which part of the combined signal output by the combining unit 709 the characteristic signal (noise signal) is added.
  • the characteristic signal (planned noise) is added to the analog data output systematically.
  • This feature signal is preferably a signal that can be deleted later by filtering. A plurality of feature points are set and added in advance, and a feature point to be used is selected and notified.
  • The above operation is performed after starting or restarting, at least until connection with the outside is started and data is input from the outside. That is, since the signal processing unit 701 reads and executes the OS from the read-only storage unit A 704, a clean state is always maintained until data is input from the outside.
  • The signal processing unit 701 outputs the schedule data to the control unit 707 and then completely deletes the related data and the like. As a result, even if the signal processing unit 701 is later infected with malware that searches for the related data, the data itself no longer exists and the schedule signal cannot be acquired.
  • The control unit 707 serves as the owner unit. The sensor unit 702 performs the target sensing and sends the analog signal shown in (i) of FIG. 7B to the signal processing unit.
  • The signal is converted into a digital signal by an AD converter and output.
  • The additional unit 703 outputs the schedule signal indicated by (ii) in FIG. 7B via the terminal 703a, based on the set parameters. Although (ii) in FIG. 7B is an analog signal, it may be converted into a digital signal.
  • The schedule data indicates to which part of the signal of the sensor unit 702 the characteristic signal is added by the additional unit 703.
  • the characteristic data planned noise
  • This feature signal is preferably a signal that can be deleted later by filtering. A plurality of characteristic signals are set and added in advance, and a feature point to be used is selected and notified.
  • The sensor unit 702 performs sensing according to the purpose, such as temperature, speed, or image, and outputs the result to the synthesis unit 709 via the output point 702a ((i) in FIG. 7B).
  • The sensed output may be an analog signal, a digital signal converted by AD converter processing, or another numerical signal.
  • The additional unit 703 outputs the additional signal ((ii) in FIG. 7B) set during the startup or restart setup to the synthesis unit 709 via the output terminal 703a.
  • The synthesis unit 709 combines these inputs, for example as shown in (iii) of FIG. 7B, and outputs the combined signal to the signal processing unit 701.
  • The signal processing unit 701 processes data according to the purpose and outputs it to the input/output unit 706.
  • The input/output unit 706 outputs these data via the antenna 708 to the relay terminal 71 connected to the network 72 such as the Internet.
  • The input/output unit 706 further transmits these data to the control unit 707.
  • The data that the input/output unit 706 transmits to the control unit 707 is, for example, the same signal as the capture signal, but may instead be data adjusted separately for the control unit 707. Because the signal processing unit 701 itself may be infected by a computer virus or the like, the control unit 707 preferably obtains its data from the input/output unit 706.
  • The control unit 707 may receive a sensor signal directly from the signal processing unit 701 in addition to the signal from the input/output unit 706.
  • The presence or absence of the additional signal in the sensor signal, which the signal processing unit 701 has converted into a digital signal and transmitted, is searched for based on the schedule data of the additional unit 703 transmitted in advance from the signal processing unit 701. If the additional signal is found, a signal permitting output from the input/output unit 706 to the outside is output as an enable signal. If not, it is determined that the signal processing unit 701 has an infection such as a computer virus or malware, or some other abnormality, and a reset signal 707a is output to the signal processing unit 701.
  • The signal processing unit 701 is restarted based on the stored contents of the read-only storage unit 704.
  • The signal is transmitted from the signal processing unit 701 to the control unit 707 within a predetermined time after restarting.
  • The transmission output schedule of the additional unit 703 based on the schedule data is difficult to obtain during the period when the signal processing unit 701 can be infected (the network-connected state after restart and after the first external access). Only the control unit 707, which serves as the owner unit and stores the schedule, can perform the inspection.
  • Entrance control unit
  • 11b Exit control unit
  • 12 Authentication device
  • 13 Entrance gate
  • 14 Exit gate
  • 15 Input/output unit
  • 16 Signal processing unit
  • 18 Storage unit
  • 19 Sensor unit
  • 20 Entrance side electrical communication path
  • 21 Wireless router
  • 23 Management server
  • 24 Network
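
The schedule-signal procedure in the list above (units 701 to 709), as an added Python example that is not part of the patent text: the additional unit draws fresh pulse parameters at boot, the synthesis unit adds them to the sensor samples as planned noise, and the control unit searches each frame for them and answers enable or reset. The function names, the 64-sample frame, the amplitude range and the baseline-from-neighbours check (which assumes a slowly varying sensor) are assumptions made for illustration.

```python
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class Pulse:
    start: int      # sample index where the planned-noise pulse begins
    width: int      # pulse width in samples
    amplitude: int  # ADC counts added on top of the sensor value


def make_schedule(n_samples, n_pulses, rng):
    """Additional unit: draw new pulse positions, widths and amplitudes.

    One pulse per equal slot, with at least one pulse-free sample on each
    side so the checker can estimate the sensor baseline around it.
    """
    slot = n_samples // n_pulses
    if slot < 6:
        raise ValueError("frame too short for the requested number of pulses")
    schedule = []
    for k in range(n_pulses):
        width = rng.randint(2, 4)
        first = k * slot + 1
        last = (k + 1) * slot - width - 1
        schedule.append(Pulse(rng.randint(first, last), width, rng.randint(200, 400)))
    return schedule


def combine(sensor, schedule):
    """Synthesis unit: add the planned noise to the sensor samples."""
    frame = list(sensor)
    for p in schedule:
        for i in range(p.start, p.start + p.width):
            frame[i] += p.amplitude
    return frame


def strip_planned_noise(frame, schedule):
    """Remove the planned noise again (assumed here: plain subtraction)."""
    return combine(frame, [Pulse(p.start, p.width, -p.amplitude) for p in schedule])


def schedule_present(frame, schedule, tolerance=20):
    """True if every scheduled pulse is found with the expected amplitude."""
    for p in schedule:
        end = p.start + p.width
        if p.start < 1 or end >= len(frame):
            return False
        baseline = (frame[p.start - 1] + frame[end]) / 2   # pulse-free neighbours
        step = sum(frame[p.start:end]) / p.width - baseline
        if abs(step - p.amplitude) > tolerance:
            return False
    return True


class ControlUnit:
    """Owner unit: the only place the schedule is kept after boot."""

    def __init__(self):
        self._schedule = None

    def load_schedule(self, schedule):
        self._schedule = list(schedule)   # overwrites any previous schedule

    def inspect(self, frame):
        if self._schedule and schedule_present(frame, self._schedule):
            return "enable"   # the input/output unit may send the frame
        return "reset"        # restart the signal processing unit from read-only storage


def demo():
    rng = random.SystemRandom()                    # different parameters on every boot
    sensor = [2000 + i // 8 for i in range(64)]    # constructed slow temperature ramp
    control = ControlUnit()
    control.load_schedule(make_schedule(len(sensor), 4, rng))
    genuine = combine(sensor, control._schedule)
    # A frame produced without knowledge of the schedule carries no planned noise.
    return control.inspect(genuine), control.inspect(sensor)


if __name__ == "__main__":
    print(demo())
```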

Abstract

The present invention provides an owner checking system for realizing stable use of an IoT terminal device without being affected by virus programs. The owner checking system is provided with: a signal processing means that is equipped with an interface for performing an external operation directly or indirectly and that externally outputs data for which execution has been performed on the basis of the interface; a storage means that stores data attributable to an external operation; an exit gate means that, when the signal processing unit transmits data to the outside, compares data attributable to an external operation among said data with external operation data stored in the storage means, determines said data to be genuine data in the case where these data match, substantially match, or are approximate, creates authentication data corresponding to the external operation data, and performs transmission to the outside; and an entrance gate means that receives data transmitted from the outside, detects the authentication data from the received data, compares the authentication data with pre-stored comparison data, and receives the data as genuine data in the case where these data match, substantially match, or are approximate.

Description

Owner check system
The present invention relates to an owner check system.
Advances in computer technology and Internet technology have led to the provision of IoT (Internet of Things) products such as smart home appliances, connected cars, home security, vending machines, healthcare and medical equipment.
As a result, the range of activity of computer viruses has widened and their social impact has become immeasurable; the scope of cyber warfare is expanding and its effects are becoming part of everyday life. In particular, devices with a limited interface, such as IoT devices, rely on highly automated input/output operations over the Internet and on software-centered wireless communication, so they face more security holes than ever before, and the possibility of malicious operation increases.
Once a computer terminal has been hijacked, it transmits data without the owner's knowledge and independently of the owner's operations, and is used as a bot for DDoS attacks or as a proxy computer terminal for hackers. A mechanism in which the owner checks the transmission and reception of data is therefore desired.
Japanese Translation of PCT Publication No. 2008-500633 describes a technique in which a virtual area is formed in software as a sandbox, a computer virus is executed in it, and the virus is detected heuristically from its behavior.
Japanese Patent Laid-Open No. 2007-102697 describes a combined configuration in which a gateway device, connected to a user terminal and installed at the entrance to the Internet, comprises infection monitoring means for detecting whether the user terminal is infected with a computer virus, terminal disconnecting means for disconnecting the user terminal from the Internet when an infection is detected, and recovery connection means for connecting the user terminal to a recovery support device while the terminal disconnecting means keeps the user terminal disconnected from the Internet, and in which the recovery support device connected to the gateway device comprises quarantine means for executing a computer virus quarantine process on the connected user terminal.
Japanese Translation of PCT Publication No. 2008-532133 describes a system for detecting a computer virus that performs Domain Name System (DNS) spoofing, comprising means for sending a URL to a DNS server as an IP request and receiving from the DNS server notification of the IP address corresponding to the URL, and means for comparing the received URL and IP address with pre-stored URL data corresponding to the IP address to detect whether the relationship between the IP address received from the DNS server and the URL matches.
Japanese Patent Laid-Open No. 2009-157523 describes a communication control apparatus 10 comprising: a first database 50 provided for each user; a user database 57 that stores a user ID in association with the IP address assigned to the user's terminal; a user database update unit 460 that acquires the user ID of the terminal and the IP address given to the terminal from a connection management server 120 and registers them in the user database 57; a user identification unit that searches the user database 57 for the source IP address of communication data containing a data file to obtain the user ID; a search circuit 30 that performs a search by referring to the record in the first database 50 corresponding to the obtained user ID; and a process execution circuit 40 that filters data files infected with a computer virus based on the search result.
The web page (http://www.aist.go.jp/aistj/press release/pr2006/pr20061122/pr20061122.htm), "AIST: Development of a high-speed virus check system using rewritable hardware", describes a computer virus detection system using a programmable gate array (FPGA, CPLD, etc.).
Japanese Patent Laid-Open No. 2015-532756 describes a configuration in which the administrator authority file of an IoT terminal is encrypted and moved to a server or the like that manages the terminal, and when an update program or the like is downloaded and executed, the encrypted administrator authority file is downloaded, decrypted, and used.
Japanese Patent Laid-Open No. 2016-116130 describes encrypting the pairing code during data communication between an IoT terminal and a wireless receiver.
Japanese Patent Laid-Open No. 2015-122744 describes writing communication elements for connecting an IoT device to a specific system into blank fields of a multicast IP address and a multicast MAC address; the IoT device reads data from these addresses and constantly monitors IP addresses in order to connect to the specific system.
Japanese Patent Laid-Open No. 2013-137745
Japanese Translation of PCT Publication No. 2008-500633
Japanese Patent Laid-Open No. 2007-102697
Japanese Translation of PCT Publication No. 2008-532133
Japanese Patent Laid-Open No. 2009-157523
Japanese Patent Laid-Open No. 2015-532756
Japanese Patent Laid-Open No. 2016-116130
Japanese Patent Laid-Open No. 2015-122744
Japanese Patent Laid-Open No. 2014-146139
Japanese Translation of PCT Publication No. 2008-500633 discloses executing a computer virus program in a virtual space and detecting the virus based on its behavior, but the virus may attack the virtual space program itself and produce a disguised display. The other prior art all discloses after-the-fact detection techniques that work only once something has been discovered as a virus program and its template has been registered in security software, and does not disclose countermeasures against unknown virus programs.
A computer virus can achieve at least the minimum aims of hackers and herders on any computer that can store data persistently and can transmit and receive data. Internet-connected devices, now called IoT, have therefore also become targets of computer virus infection. DDoS attacks in which IoT devices are infected, turned into bots, and used to attack have already been carried out, and the number of IoT devices involved has exceeded 100,000.
The technique described on the web page (http://www.aist.go.jp/aistj/press release/pr2006/pr20061122/pr20061122.htm), "AIST: Development of a high-speed virus check system using rewritable hardware", enables high-speed detection of computer viruses within the scope of an existing computer virus database, but it can hardly be said to cope with computer viruses that are not in the database, such as recent targeted-attack viruses.
In the current era of cyber warfare, the best defense is still considered to be nothing more than a rule of always keeping computer software up to date, and how to deal with unknown computer viruses remains unsolved.
Moreover, IoT terminals with limited interfaces are increasingly likely to be operated in various ways over wireless communication, as shown in Japanese Patent Laid-Open No. 2015-122744, so the possibility of connecting to a malicious site grows and IoT devices become ever more likely to be infected.
In view of the above, the present invention enables accurate data transmission free from the influence of computer viruses through a combination of:
signal processing means that has a direct or indirect interface and outputs, to the outside, data executed on the basis of the interface;
storage means for storing interface data;
exit gate means that, when the signal processing unit transmits data to the outside, compares the data with the interface data stored in the storage means, determines that the data is genuine if they match, substantially match, approximate, or correspond, adds authentication data corresponding to the external operation data, and transmits the data to the outside; and
entrance gate means that receives data transmitted from the outside, detects authentication data in the received data, compares it with pre-stored comparison data, and accepts the data as genuine if they match, substantially match, or approximate.
Furthermore, the present invention has:
a sensor unit that receives a target operation or phenomenon and converts it into a sensor electric signal;
a signal processing unit having a transmission unit that converts the sensor electric signal of the sensor unit into sensor digital data and transmits the sensor data, and a reception unit that receives data from the outside together with authentication data;
recording means for detecting event data and event time data from the sensor output of the sensor unit and temporarily recording them;
authentication means that, when the transmission unit outputs sensor data to the outside, reads the sensor data and the event data and event time data recorded in the recording means, and performs authentication by detecting whether matching, substantially matching, approximate, or corresponding data is present; and
an exit gate that blocks the output of data to the outside if the authentication means cannot detect matching, substantially matching, approximate, or corresponding data.
This makes it possible to authenticate from the sensor output that a signal was actually output by the sensor, and enables accurate data transmission free from the influence of computer viruses even when the interface is limited.
Further, when the authentication means detects matching, substantially matching, approximate, or corresponding data, it authenticates the sensor data as genuine, replaces, converts, or adds authentication data, and transmits the data to the outside.
A legitimate sender can be authenticated from this authentication data when, for example, a management server that receives the sensor data compares or collates it with pre-stored data of the sending device.
Furthermore, the present invention comprises:
a sensor unit that receives a target operation or phenomenon and converts it into a sensor electric signal;
a signal processing unit having a transmission unit that converts the sensor electric signal of the sensor unit into sensor digital data and transmits the sensor digital data to the outside together with an authentication signal, and a reception unit that receives data from the outside together with authentication data; and
authentication means for authenticating whether the data output from the signal processing unit is genuine data by verifying the authentication signal.
This enables stable external transmission of sensor data regardless of how the sensor unit's signal is processed.
In addition, with the combined configuration including authentication means that authenticates whether the data output from the signal processing unit is genuine by verifying the authentication signal, genuine data can be transmitted even without an interface, and, because the authentication data of received data can also be handled confidentially, genuine data can be received. This eliminates the influence of computer viruses that intrude illegally from the outside and achieves stable use of the IoT terminal.
For authenticating sensor data at the exit, the present invention shows two configurations: comparing or collating the sensor data with event data and event time data detected from the sensor data, or collating additional data appended to the sensor data with pre-stored additional data. The two configurations may be used separately or in combination.
Examples of a direct interface in the present invention are a keyboard, mouse, touch pad, push-button switch, slide switch, or the like connected to the computer terminal that transmits to the outside.
An indirect interface in the present invention refers to the data output by a part, such as a sensor, that is the object of processing when the computer terminal transmits processed data to the outside.
Authentication in the present invention may refer, for example, to extracting event data such as a characteristic part or a noise part, together with event time data indicating when the event data occurred, from sensor data obtained by, for example, branching the sensor data, and then, when the sensor data is to be transmitted to the outside, comparing the sensor data with the event data and the like to confirm whether they match, substantially match, or approximate.
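The exit-gate check just described, as an added Python example that is not part of the patent text: events are taken from a tap on the sensor output and kept with their times, and outgoing sensor data is released with authentication data only if every recorded event reappears in it within a tolerance. The thresholds, the tolerances, the median-based event detector and the placeholder authentication value are assumptions.

```python
from statistics import median

EVENT_THRESHOLD = 40   # assumed: deviation from the local median that counts as an event
VALUE_TOLERANCE = 5    # assumed window for "substantially match" on the value
TIME_TOLERANCE = 1     # assumed clock skew allowed between the two units, in ticks


def detect_events(samples, window=5, threshold=EVENT_THRESHOLD):
    """Return [(tick, value)] for samples that stand out from their neighbourhood."""
    events = []
    for i, (tick, value) in enumerate(samples):
        nearby = [v for _, v in samples[max(0, i - window):i + window + 1]]
        if abs(value - median(nearby)) >= threshold:
            events.append((tick, value))
    return events


class ExitGate:
    """Owner-check side: records events from the sensor tap, gates outgoing data."""

    def __init__(self, auth_data):
        self._auth = auth_data
        self._events = []            # temporary record, replaced on every capture

    def record(self, tapped):
        """Recording means: keep event data and event time data from the tap."""
        self._events = detect_events(tapped)
        return len(self._events)

    def release(self, outgoing):
        """Return outgoing data plus authentication data, or None when blocked."""
        if not self._events:
            return None              # nothing recorded, so nothing can be matched
        for tick, value in self._events:
            matched = any(abs(t - tick) <= TIME_TOLERANCE and
                          abs(v - value) <= VALUE_TOLERANCE
                          for t, v in outgoing)
            if not matched:
                return None          # an observed event is missing: block the output
        return {"sensor": list(outgoing), "auth": self._auth}


def constructed_capture():
    """Constructed sample: a flat signal with two disturbances at ticks 7 and 15."""
    values = [500 + (i % 3) for i in range(20)]
    values[7], values[15] = 560, 440
    return list(enumerate(values))


def demo():
    gate = ExitGate(auth_data="AUTH-PLACEHOLDER")   # placeholder, not a real format
    capture = constructed_capture()
    gate.record(capture)
    fabricated = [(t, 500) for t in range(20)]      # data that never passed the sensor
    return gate.release(capture) is not None, gate.release(fabricated) is None


if __name__ == "__main__":
    print(demo())
```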
When additional data is added to the sensor data to authenticate the data output from the signal processing unit, or when authentication data attached to incoming data is authenticated at the entrance where the signal processing unit receives data, a predetermined value, or a digital signal obtained by converting a measured analog signal with an ADC (a unit (circuit) that converts an analog signal into a digital signal), may be used as the additional data.
The predetermined value is, for example, data containing a value that is outside the output range of the sensor information in use, or within that range but not normally output (for example, for an IoT device using a temperature sensor whose target measurement range is room temperature, the owner authentication signal is digital data for 120 degrees or -50 degrees, that is, digital data at the limit of what AD conversion of the sensor's analog output can produce); a value in a range outside the normal range; or part or all of a measured value within the normal range, converted into digital data. Adding such a value to form the output data makes analysis difficult for anyone who intercepts and analyzes the transmitted and received data for illicit purposes.
Besides the additional digital signal that the signal processing unit adds to the sensor data it transmits, the authentication data may include additional digital data that the control unit performing the owner check attaches after replacing or converting the additional digital signal, or digital measurement data obtained by measurement with the sensor.
When indirect interface data such as sensor data is transmitted from the signal processing unit together with additional data, the control unit compares the pre-stored additional data with the additional data about to be output. If they match, substantially match, approximate, or correspond, the indirect interface data such as sensor data is transmitted to the outside; at that time the additional data is replaced with or converted into authentication data, which is transmitted to the outside together with the sensor data.
Also, when authentication data and an update program or the like are sent to the signal processing unit from a management server or the like, the control unit that performs the owner check at the so-called entrance of the signal processing unit reads the authentication data and compares it with pre-stored data; if they match or substantially match, execution of the update program is permitted.
The additional data attached to the sensor data output from the signal processing unit may be used as the owner authentication data as is, may have identifiable text-like data added to it, or may be replaced with new data. When authentication data is added to transmission data, it may be embedded piece by piece across multiple packets or transmitted in one piece.
The authentication data may include part of the IPv6 or IPv4 addresses of the communication partner and of the device itself. When authentication is performed with analog data, values exceeding a threshold after the analog data is converted into digital data may be turned into digital pulses that carry a meaning such as an IP address, thereby forming authentication data that includes sender information and the like.
The authentication data preferably derives from the output of a sensor in the IoT terminal as described above, but when the terminal has no sensor and instead has, for example, an analysis unit that receives and analyzes an electrical signal as is, data resulting from the operation of this analysis unit may be used as the indirect interface data. The destination IP address, MAC address, and the like may also be detected from the authentication data so that data is transmitted and received while the other party is confirmed.
Furthermore, when a direct interface is provided, as in a wearable device, the user's operations may be stored as additional data in the form of time-series output, broadly categorized operation output (character input, purpose, etc.), or a series of operation outputs; when the device transmits data to the outside, this additional data is collated with the transmission data, and if they match, substantially match, or approximate, the data is judged genuine and output. The additional data may also be replaced, compressed, or otherwise converted in the output data so that it can be compared in a more compact form.
The authentication data may also be encrypted to strengthen protection.
For encryption, a cryptographic algorithm such as a shared-key or public-key scheme may be used, or a stream cipher such as the Vernam cipher. In particular, because the present invention may use computer chips placed in the very small spaces typical of IoT, where the memory capacity for storing digital data is also small, the Vernam cipher, synthetic encryption, and other stream ciphers that can be implemented relatively simply in hardware are well suited.
The sensor unit in the present invention is exemplified by sensors that detect temperature, humidity, position, inclination, rotation speed, acceleration, pulse wave, electrocardiogram, blood flow, blood pressure, GPS, or the state of the components of a factory or plant, that is, sensors provided in so-called IoT devices, one or more of which are placed in connected cars, smart home appliances, robots, wearable devices, plants, factories, and public facilities; ultra-small sensors implemented as chips are an example.
The signal processing unit in the present invention, when a sensor unit is connected, includes an AD converter and a DA converter as the case requires, and is a device operating digitally under program control, such as a microcomputer incorporating units for infrared input/output, electromagnetic wave input/output, and the like, as used in IoT devices; however, instead of a stored-program microcomputer, an IC including a gate array such as an FPGA or CPLD may be used.
An event, as used in event data and event time data in the present invention, is for example data output by the sensor unit, such as a noise signal, an abnormal signal, or a characteristic signal.
Event time data is the time at which the event occurred, expressed as a time for which the time recorded by the signal processing unit and the time recorded by the owner check unit are synchronized.
Since it suffices to know at least the time at which the sensor unit output the event data, the event time data may also be, for example, absolute time as measured by both the signal processing unit and the owner check unit.
The storage unit in the present invention is a ROM, RAM, NVRAM, FEPROM, SD card, USB memory, SSD, HD or other medium; a writable storage unit is formed from one of these alone or from a combination of them.
The input/output unit in the present invention transmits and receives packet signals for connecting to an external network, and is exemplified by a unit that inputs and transmits data in a known format such as the Ethernet (trademark) specification.
The antenna in the present invention is formed of a conductive member or the like suited to the frequency band of a so-called wireless LAN; when another wireless medium such as an infrared LED is used, an antenna suited to that medium is an example.
Because the present invention mainly describes a configuration for IoT devices, the network is mainly the Internet, using communication standards such as TCP/IP and FTP. However, wireless media such as Bluetooth (registered trademark) and infrared are also used in local areas, so networks based on other media and communication standards are included, not only the Internet.
For IoT devices with limited interfaces, the present invention permits data input and output only when the data is determined to be authentic, either by comparing the sensor data with event data and event time data separated and extracted from the sensor data, by comparing added authentication data, or both. This defends against attacks from outside. Even if a computer virus script is embedded inside the device and executed, data transmission to the outside is blocked when the sensor data does not match, substantially match, approximate or correspond to the event data and event time data, or when authentic additional data cannot be detected. Attacks from malicious sites are thus prevented, and because an infected device outputs no data to the outside, the IoT terminal can be used stably.
In addition, inspecting the owner authentication data as analog data makes the authentication data hard to obtain easily and enables defense against computer viruses.
In addition, encrypting the authentication data with a stream cipher that is compact yet highly confidential enables defense against computer viruses and makes it possible to build a system using stable IoT terminals.
A schematic diagram showing one embodiment of the present invention.
A flowchart for explaining the operation of the embodiment of the present invention.
A flowchart for explaining the operation of the embodiment of the present invention.
A schematic diagram showing another embodiment of the present invention.
A schematic diagram showing another embodiment of the present invention.
A schematic diagram showing another embodiment of the present invention.
A schematic diagram showing another embodiment of the present invention.
The present invention sits at the entrance and exit of an IoT device or other terminal that has automatic processing (an indirect interface) or manual processing (a direct interface). The owner check, in which the terminal such as the IoT device is treated as the owner, is preferably implemented as a unit (circuit) that is physically independent of the IoT device or the like.
The present invention concerns a signal processing unit that has a direct interface such as a touch pad, operation switch or keyboard, or an indirect interface such as sensor output data, and that converts data based on this interface into a digital signal, performs signal processing, and outputs the processed interface-based data to the outside. In this signal processing unit, one or both of the following two configurations are performed as exit processing.
In the first configuration, event data, consisting of characteristic portions of the interface-based data or of unneeded portions that are not used, such as noise, is stored in advance together with event time data giving the time at which the event data occurred. When the signal processing unit transmits interface-based data to the outside, the data is determined to be authentic if the stored event data and the like are present in it, and this authentic data is combined with authentication data and transmitted to the outside.
In the second configuration, when interface-based data created by the signal processing unit is about to be transmitted to the outside, additional data is attached to it. If this additional data matches a pre-stored additional data list, the data is determined to be authentic. What is transmitted to the outside is the interface-based data created by the signal processing unit combined with either the additional data used as the authentication data, or authentication data that replaces the additional data while leaving a trace (trace authentication data).
Furthermore, at the entrance of the IoT device, the present invention extracts authentication data from the incoming data and compares or collates it with pre-registered authentication data to determine whether the data is authentic.
In this way, at the entrance where the IoT device receives data from outside and at the exit where it transmits data to the outside, the authenticity of data formed through the direct or indirect interface is determined by comparing a pre-stored portion of interface data, obtained through indirect or direct operation, with the interface data about to be transmitted. This enables stable use of IoT devices without the effects of computer virus infection and the like.
At the entrance, detecting and collating the authentication data contained in the incoming data allows stable data input and output without being subjected to computer virus attacks from outside.
The present invention is mainly directed to devices whose main task is to convert sensor data into digital data and transmit and receive it, but it is not limited to devices with sensing equipment. It also covers, for example, one-way devices such as an electric drill that receives data from the Internet and is driven by it, and PC-type terminals such as wearable terminals, tablets and smartphones that have an operation interface such as a keyboard or touch panel.
The authentication data, the owner authentication data, the authentication data trace data (data obtained by converting the owner authentication data, for example by replacement), and the event data and event time data are all data for authenticating data from a legitimate sender, and preferably have content and size sufficient to prevent spoofing.
Specifically, when sensor data, operation data or the like is transmitted from the terminal, whether the data is authentic is judged by whether event data or operation trajectory data stored in advance is contained in that sensor data or operation data. If it is judged authentic, authentic data is transmitted in which the additional data has been replaced with, converted to, or supplemented by authentication data (data that is stored in advance on the outside and can be compared).
The receiver separates and extracts the authentication data from the transmitted data, compares it with pre-stored data, and judges the data authentic if the two are the same or approximately the same.
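The exit check and the receiver-side check described above can be sketched as follows. This is an added example, not code from the patent: the peak-based event extraction, the tolerances, the frame layout (length byte, authentication data, packed samples) and all sample values are assumptions constructed for illustration.

```python
import hmac
import struct
from typing import List, Optional, Sequence, Tuple

Sample = Tuple[float, float]  # (time in seconds, sensor value)

def record_events(samples: Sequence[Sample], threshold: float) -> List[Sample]:
    """Owner check side: keep local peaks above the threshold as event data,
    with their timestamps as event time data (assumed extraction rule)."""
    events = []
    for prev, cur, nxt in zip(samples, samples[1:], samples[2:]):
        if cur[1] > threshold and cur[1] >= prev[1] and cur[1] >= nxt[1]:
            events.append(cur)
    return events

def contains_events(outgoing: Sequence[Sample], events: Sequence[Sample],
                    time_tol: float = 0.05, value_tol: float = 0.1) -> bool:
    """True if every stored event inside the outgoing time span appears in the
    outgoing data, matching or approximately matching in time and value."""
    if not outgoing:
        return False
    t0, t1 = outgoing[0][0], outgoing[-1][0]
    in_span = [e for e in events if t0 <= e[0] <= t1]
    if not in_span:
        return False  # nothing to compare against: treat as not authentic
    return all(
        any(abs(t - et) <= time_tol and abs(v - ev) <= value_tol
            for t, v in outgoing)
        for et, ev in in_span
    )

def exit_gate(outgoing: Sequence[Sample], events: Sequence[Sample],
              auth_data: bytes) -> Optional[bytes]:
    """Exit processing: release the data with authentication data attached
    only if the stored events are present; otherwise block (return None)."""
    if not contains_events(outgoing, events):
        return None
    body = b"".join(struct.pack("!dd", t, v) for t, v in outgoing)
    return bytes([len(auth_data)]) + auth_data + body

def receive(frame: bytes, registered_auth: bytes) -> Optional[List[Sample]]:
    """Receiver: separate the authentication data, compare it with the
    pre-stored copy (exact, constant-time here), then decode the samples."""
    if not frame:
        return None
    n = frame[0]
    auth, body = frame[1:1 + n], frame[1 + n:]
    if not hmac.compare_digest(auth, registered_auth) or len(body) % 16:
        return None
    return [struct.unpack("!dd", body[i:i + 16]) for i in range(0, len(body), 16)]

# Constructed pulse-wave-like samples as seen by the owner check unit.
GENUINE = [(0.0, 0.1), (0.1, 0.3), (0.2, 0.9), (0.3, 0.4),
           (0.4, 0.1), (0.5, 0.2), (0.6, 0.95), (0.7, 0.3)]
# What the signal processing unit wants to send: same signal, small offset.
SENT = [(t, v + 0.02) for t, v in GENUINE]
# Fabricated data, e.g. produced by injected code: the events are missing.
FORGED = [(t, 0.5) for t, _ in GENUINE]
AUTH = b"constructed-auth-data"
EVENTS = record_events(GENUINE, threshold=0.8)
```

With these constructed inputs, `exit_gate(SENT, EVENTS, AUTH)` yields a frame that `receive` accepts, while `exit_gate(FORGED, EVENTS, AUTH)` returns `None` and nothing leaves the device.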
Encrypting this authentication data makes it possible to further increase its confidentiality.
Encryption provides a defense against computer virus attacks, but because the IoT terminal itself is small, the size of the cryptographic algorithm software is limited.
It is therefore preferable to use a stream cipher, whose configuration can be made small, composed of, for example, a combination of an XOR (exclusive OR) IC chip, a random number generation circuit, or a sequence generation circuit and a selection circuit.
Because a random number generation circuit has periodicity, a cipher circuit that is compact, highly confidential and fast can be formed by adopting a composite Vernam cipher scheme, in which several sequence generation circuits are mounted in the IC chip and a signal that selects among them is output together with the authentication data.
Furthermore, in addition to transmitting and receiving data mainly over a wireless LAN, the present invention may separately use communication with infrared or electromagnetic waves as the wireless medium.
Next, one embodiment of the present invention is described in detail with reference to FIG. 1.
In the figure, 11a is an entrance control unit. It is composed of a microcomputer, a gate array or the like, and preferably has input/output ports that can connect to an AD converter (ADC) and to transmission/reception units for Bluetooth (registered trademark), infrared data and the like.
11b is an exit control unit with the same configuration as the entrance control unit 11a. The two are shown separately for explanation, but they may be integrated into a single control unit.
11c is a D/A converter, a circuit that converts a digital signal into an analog signal. It may be built into the control unit, but is shown as a separate component for explanation.
11d is transmission/reception unit A. It is composed of an infrared LED, phototransistor, photodiode, antenna and the like, and enables data transmission and reception over a wireless medium 11e such as infrared or electromagnetic waves. Transmission/reception unit A 11d exchanges data with transmission/reception unit B 17b. Units A 11d and B 17b need be no different from those currently used for the infrared and Bluetooth (registered trademark) communication that IoT devices come with, and it is preferable to use a signal processing unit and a control unit that each include a unit, such as a port, supporting infrared or radio communication.
12 is an authentication device, composed of a microcomputer, storage memory and the like. Where it is a microcomputer, the entrance control unit 11a or the exit control unit 11b may be used in its place.
The authentication device 12 stores the event data and event time data found in the sensor data output from the signal processing unit 17.
The authentication device 12 also stores additional data for comparison, which is used when additional data is attached to the sensor data and the control unit performs exit authentication.
The authentication device 12 includes, as one of its parts, the comparator 12a shown in FIG. 1, illustrated as a general circuit using an operational amplifier.
The comparator 12a is a circuit in which the output at output terminal 12a3 inverts when the input voltage at input terminal 12a1 exceeds threshold voltage 12a2.
The comparator 12a is one example of a comparison detection unit and is not limiting; any circuit in which the output at output terminal 12a3 changes when the input voltage exceeds threshold voltage 12a2 will do.
Several comparators 12a may be arranged with their threshold voltages set to an upper and a lower limit to form a band-type threshold, or the signal obtained when threshold voltage 12a2 is exceeded may be turned into pulses and output as a digital signal carrying code information. In that case the code information represents the authentication data, so authentication data that is harder to decipher can be obtained.
13 is an entrance gate. It mainly blocks, restricts or delays the movement of signals from the input/output unit 15 to the signal processing unit 17, and switches or branches signals from the input/output unit 15 to the entrance control unit 11a. Preferably it suspends the movement of data at least while authentication is in progress.
14 is an exit gate. It mainly switches or branches data being sent from the signal processing unit 17 to the input/output unit 15 over to the exit control unit 11b, and blocks or connects the path.
15 is an input/output unit, which demodulates the modulated signal delivered from the antenna 16 and converts it into a digital signal. It includes a front-end circuit.
16 is an antenna, made of a conductive member whose length, width and so on suit the radio frequency used, for example a smartphone antenna for several hundred MHz to the GHz range. The antenna 16 is used for wireless communication, but communication need not be wireless: wired communication such as Ethernet (registered trademark) may be used instead, chosen as appropriate.
17 is a signal processing unit. Preferably it has built in the AD converter and Bluetooth (registered trademark) unit used in IoT devices, or has ports for connecting to them.
17a is an additional signal output unit, composed of RAM (for example, configured to receive additional signal data when needed from other media that can record continuously), ROM, NVRAM, EEPROM, an SD card, USB memory or the like. It stores data for the additional signal in the storage memory in advance and outputs it at the request of the signal processing unit 17.
When a direct interface such as a keyboard, switch or touch-panel operation switch is connected, the additional signal output unit 17a may hold time-series trajectory data of the interface operations as direct data.
When indirect interface data such as sensor data is used, the additional signal output unit 17a may be unnecessary.
17b is transmission/reception unit B, which has the same configuration as transmission/reception unit A 11d described above.
18 is a storage unit. It stores the OS program, application programs and the like that operate the control signal unit 17, and may also temporarily store, for a predetermined period, the digitized data of the sensor electrical output of the sensor unit 19.
The storage unit 18 further holds unique additional data. This data is formed and attached when the legitimate program has started and sensor digital data is output from the sensor unit; it is unnecessary when the comparison of event data and the like is performed by the exit control unit 11b.
19 is a sensor unit. As described above, it may be any sensor used in IoT devices. Preferably, at least, a group is formed for each sensor and the authentication device has a similar sensor for each group, but this is not limiting.
19a is an AD converter that converts the sensor data output of the sensor unit 19 into a digital signal. It may be built into the exit control unit 11b or into the sensor unit 19, and is shown here for explanation. It is omitted from FIGS. 4 to 6.
20 and 21 are the entrance-side and exit-side electrical communication paths. They may be wired or wireless; wired paths are illustrated here.
When a wireless connection is used, data is transmitted and received via transmission/reception unit A 11d and transmission/reception unit B 17b.
22 is a wireless router. In some cases it has a gateway function, so authentication using the authentication data may also be performed at this point.
23 is a management server, which operates the IoT terminal containing the control unit 17, or uploads data to the signal processing unit and then has it executed in order to update programs.
24 is a network. It is mainly the Internet, but may also denote an intranet, an extranet, or a short-range network using Bluetooth (registered trademark) or infrared.
Next, the operation of the entrance control unit (entrance processing) when the signal processing unit 17 of FIG. 1 receives data from the external management server 23 or the like is described with reference to FIG. 2.
The program running on the signal processing unit 17 is, for example, a web-server-type program, and the unit operates according to this program.
For a signal processing unit that has no interface, or only a limited one, update programs are typically uploaded and executed automatically through packet communication over TCP/IP, FTP or the like.
When the management server 23 sends data to the signal processing unit 17, the data packets are output from the wireless router 22 as modulated packet signals and enter the input/output unit 15 via the antenna 16. The input/output unit 15 demodulates the modulated packet signal and sends it to the entrance gate 13.
The update program and the authentication data addressed to the signal processing unit 17 may be sent separately, as packet data with different IP addresses; data indicating their relationship is preferably also included in both as authentication data.
The entrance gate 13 outputs this packet signal to the entrance control unit 11a. If the signal is a packet containing data and its destination is the signal processing unit 17, the entrance gate 13 may in some cases let it pass through as it is, for example for a predetermined time after authentication.
Programs are supplied to the signal processing unit 17 for updates, changes, additions and so on. A signal processing unit with a limited interface for human input, or none, executes a program after downloading it. In this embodiment, however, the program is not executed unless there is an execution permission signal from transmission/reception unit B 17b, or unless an execution permission signal is sent to the signal processing unit 17 from the input control unit 11a via the entrance gate 13.
First, the management server 23, which is the sender of the program, sends packet data announcing the start of supply to the signal processing unit 17. On receiving it, the signal processing unit 17 automatically prepares its download execution code for start-up.
The entrance control unit 11a checks whether a packet addressed to the signal processing unit 17 has been received (201). When packet data arrives and it is addressed to the signal processing unit 17 (yes), the unit checks whether owner authentication has been completed (202). If it has (yes), the unit further checks whether a predetermined time has elapsed since completion (203). This predetermined time corresponds to the validity period of the owner authentication. Shortening it raises security, but if it is too short, time is consumed by authentication alone; as an example, authentication is performed at intervals of a few seconds to several hundred seconds after owner authentication.
If the time is within the predetermined period (no), the packet data is sent to the signal processing unit 17 in step 219. The signal processing unit 17 is assumed here to have a step that processes the data in the packets and extracts the payload data, together with means for combining payload data that was split into pieces of 1500 bytes or less into a single code and then executing it.
If owner authentication has been completed but the predetermined time has elapsed (203) (yes), or if owner authentication has not been completed (202) (no), the unit checks whether this is the first packet data (204).
If it is the first packet data, a time limit for authentication (time A) is set and counting starts (205).
Making the time available for authentication finite makes it possible to judge whether the management server 23 is transmitting legitimately and to check whether there is an abnormality in the network.
To check whether authentication data is present in this packet signal, the entrance control unit 11a retrieves from the authentication device the data that indicates where the authentication data is located.
Because the size of one packet is fixed at 1500 bytes or less, the authentication data may be embedded whole, or divided and embedded across several packets.
As for the embedding location, one example is to embed the first few digits after a predetermined margin of several bytes; the predetermined margin may be stored in the authentication device 12.
Next, the inspection described above is performed to check whether the packet contains owner authentication data (206). The inspection may, for example, check whether the packet contains an identifier that marks authentication data.
If it does (yes), the unit checks whether this is the first owner authentication data; if so (yes), the owner authentication data confirmation timer (time B) starts counting (209).
If owner authentication data was not received (206), the unit checks whether time A has elapsed (207). If it is still within time A, the unit proceeds to the input packet data reception step (201). If time A has passed (yes), the unit judges that there was no input packet data, resets time A and time B (216), resets any authentication data whose construction had already begun (217), and returns to the input packet data reception step (201). When data input and output is performed while temporarily storing data in a buffer, for example because the communication speed is high, the processing time for input packets during authentication is preferably time-limited so that no data is dropped and erased.
When the next owner authentication data is received, or when owner authentication data has not been received (208), the unit checks whether time B has elapsed (210).
If time B has elapsed (yes), authentication has timed out: time A and time B are reset, the data accumulated as authentication data is reset (217), and processing moves to the input packet data reception step (201) to wait for packet data. If time B has not elapsed (no), the received portion of the owner authentication data is stored temporarily and the fragments of authentication data are joined together (211).
The unit checks whether all portions of the owner authentication data have been accumulated and the owner authentication data has been formed (212). If some are missing (no), it waits for input packets at the reception step (201). If all of the authentication data has been obtained and joined to form the authentication data, owner check authentication is performed in the next step (213).
Owner check authentication authenticates the sender as the owner when comparison with the owner check data stored in advance in the authentication device 12 gives a match. Alternatively, if the authentication data is encrypted, it may be decrypted and its value judged as to whether it is the true owner authentication data.
Further, if the authentication data is digital data representing analog data, it is converted into analog data by the DA converter 11c and input to input terminal 12a1 of the comparator 12a of the authentication device 12.
The voltage of the input signal at input terminal 12a1 is compared with threshold voltage 12a2, and when it exceeds the threshold, the output at output terminal 12a3 inverts. When this inverted data is input to the entrance control unit 11a, the authentication data is judged to be true. Besides comparison against a preset threshold, the measured sensor data and a portion of the measured sensor data extracted as additional data may be converted into analog signals and then compared. In the case of a pulse wave, for example, the pulse wave of a characteristic portion with a relatively high peak voltage may be extracted and recorded as additional data and used as analog-signal owner check data.
If the owner authentication data is false (214) (no), the entrance gate 13 and the exit gate 14 stop transmitting and receiving data or enter a blocked state; in addition, everything stored, including time A, time B and the authentication data, is reset, and in some cases an alert is output to the user (215).
Because the physical cut-off at the entrance gate 13 and the exit gate 14 lets the management server 23 detect the abnormality at this terminal from the loss of communication, an alert is not always necessary.
Furthermore, the entrance control unit 11a outputs a deletion signal to the transmission/reception unit A 11d. The transmission/reception unit A 11d sends the deletion signal via the wireless medium 11e and the transmission/reception unit B 17b, and the signal processing unit 17, on receiving it, deletes the downloaded data such as programs.
If the owner authentication data is true (214) (yes), the records of time A and time B are reset (218), and the input packet data is sent to the signal processing unit 17 via the entrance-side electrical communication path 20 (219).
Further, an execution permission signal is output to the transmission/reception unit A 11d, and the signal processing unit 17, on receiving this execution permission signal, executes the downloaded program.
Note that the target update program or the like is downloaded to the signal processing unit 17 but is kept in a state in which it cannot be executed unless, for example, a specific signal is input from the transmission/reception unit B 17b. By only downloading during the authentication operation in the entrance control unit 11a, data confusion can be prevented during high-speed communication.
Against attacks that send large volumes of data, whether meaningful or meaningless, such as DDoS attacks or flaming attacks carried out by sending large amounts of meaningful data, the unit detects, even when the sender has been authenticated, whether the amount of data (number of packets) received within a predetermined time is abnormal (exceeds a predetermined packet count within the predetermined time). If so, the entrance gate 13 is shut off at once, which stops the server attack and also informs the management server 23 of the abnormal situation. Where a terminal such as an IoT device has to fit into a very small unit, for example a key or a ticket, with little space and only as much storage and function as the application needs, cutting the network connection is the more effective way to notify the management server of an abnormality while keeping the required hardware to a minimum.
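The entrance-side flow above (fragment assembly bounded by time A and time B, gate shut-off on a false result, and the packet-count check that applies even to an authenticated sender) can be modelled as a small state machine. This is an added example, not code from the patent; the class and field names, the fixed-length completeness test, the reading of time A as an idle limit, and the constant-time comparison are assumptions of the sketch.

```python
import hmac
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class EntranceControl:
    """Sketch of steps 201-219 plus the packet-count check (names are hypothetical)."""
    owner_check_data: bytes        # reference value held by the authentication device
    a_time: float = 2.0            # time A: idle limit in seconds (assumed meaning)
    b_time: float = 10.0           # time B: limit for assembling all fragments
    flood_window: float = 1.0      # the "predetermined time" for counting packets
    flood_max: int = 50            # the "predetermined packet count"
    gate_open: bool = True
    forwarded: List[bytes] = field(default_factory=list)  # released to signal processing
    alerts: List[str] = field(default_factory=list)
    _held: List[bytes] = field(default_factory=list)      # received but not yet released
    _frags: bytearray = field(default_factory=bytearray)
    _a_start: Optional[float] = None
    _b_start: Optional[float] = None
    _seen: List[float] = field(default_factory=list)

    def _reset(self) -> None:
        """Steps 216/217: clear both timers and the partly built authentication data."""
        self._a_start = self._b_start = None
        self._frags.clear()
        self._held.clear()

    def _shut(self, reason: str) -> str:
        """Step 215: close the gate, wipe all stored state, record an alert."""
        self.gate_open = False
        self._reset()
        self.alerts.append(reason)
        return reason

    def receive(self, now: float, packet: bytes,
                auth_fragment: Optional[bytes] = None) -> str:
        if not self.gate_open:
            return "blocked"
        # Packet-count check: runs before, and independently of, authentication.
        self._seen = [t for t in self._seen if now - t < self.flood_window]
        self._seen.append(now)
        if len(self._seen) > self.flood_max:
            return self._shut("flood")
        self._held.append(packet)
        if self._a_start is None:
            self._a_start = now
        if auth_fragment is None:                     # step 206: no authentication data
            if now - self._a_start >= self.a_time:    # step 207: time A elapsed
                self._reset()
                return "idle-reset"
            return "wait"
        if self._b_start is None:
            self._b_start = now
        if now - self._b_start >= self.b_time:        # step 210: authentication timed out
            self._reset()
            return "timeout"
        self._frags += auth_fragment                  # step 211: join the fragments
        self._a_start = now
        if len(self._frags) < len(self.owner_check_data):   # step 212: incomplete
            return "wait"
        # Step 213: comparison with the stored owner check data.
        if not hmac.compare_digest(bytes(self._frags), self.owner_check_data):
            return self._shut("reject")               # step 214 (no)
        self.forwarded.extend(self._held)             # steps 218/219
        self._reset()
        return "forward"
```

Time is passed in by the caller, so the timeouts can be exercised without waiting.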
The operation of the embodiment shown in FIG. 1 when transmitting data to the outside is shown in FIG. 3 and described below.
The sensor output of the sensor unit 19 is supplied to the signal processing unit 17 and, in parallel, to the AD converter 19a, where the analog sensor data is converted into digital data and supplied to the exit processing unit 11b.
The exit processing unit 11b measures characteristic data in this sensor unit's data together with time.
Characteristic data is, for example, time data for when noise entered the signal because the electrode or sensor was disturbed. This time data is either synchronized with the time at which the signal processing unit 17 processes the sensor data or is recorded together with time data that shows when it occurred.
In the case of noise, the signal processing unit 17 may delete it; but because a record over time may be kept, the signal processing unit 17 may output data stating that there is no data at that time.
For heart-rate data, for example, data indicating the phenomenon and its time are recorded when the heart rate becomes lower or higher than normal.
When there is no fluctuation and the sensor unit 19 stably outputs normal values, data stating that the data is stable is recorded at predetermined time intervals.
This event data, and event time data indicating when the event data occurred, are accumulated.
When the signal processing unit 17 transmits data, for example to the management server 23, data announcing the transmission is sent beforehand and a data supply path to the exit control unit 11b is formed.
When transmitting the sensor data of the sensor unit 19 to the management server 23 or the like, the signal processing unit 17 outputs output packet data containing the data to be transmitted to the exit control unit 11b via the transmission/reception unit B 17b, and the output control unit 11b receives the packet data for transmission (301).
Next, the exit control unit 11b checks whether event data and event time data have been input (309).
At this time, the exit gate 14 may block output so that packet data carrying data in its payload is not passed to the input/output unit 15; packets whose payload carries no particular data, for instance no sensor data, may in some cases be output.
When no event data or the like is included, the exit control unit 11b searches the output packet data to detect whether it contains additional data (309).
If event data is stored, the next step 303 searches the sensor data output from the signal processing unit 17 for data that matches, approximately matches, approximates or corresponds to the event data and event time data. A match means that the data agrees as data, or agrees in that there is no data between the event time data (it was noise and has been deleted). An approximate match means that the time difference is within a predetermined width or that the degree of the event is within a predetermined width.
Approximation means a case that is neither a match nor an approximate match but for which the possibility exists at a predetermined ratio. This predetermined ratio differs according to the sensing target; for heart rate, for example, it covers the case in which the event time data (the time of occurrence) differs somewhat but the possibility of heart disease is the same.
Corresponds means, for example, the case in which the IoT device detects data showing a similar phenomenon in which the biological signal has characteristic individual differences in a specific time, phenomenon or output pattern.
The additional data is stored in the additional signal output unit 17a. It is, for example, digital data used so that, when the control processing unit 17 is about to transmit data, the first, an intermediate or the last packet includes data indicating that this is processed sensor data, or digital data intended to be converted into analog data.
This data is preferably data unique to the signal processing unit 17. Examples, besides measured data, are data that can clearly be seen to be unique, such as critical data that belongs to the kind of data the sensor outputs but for which it is unclear whether the sensor could measure it.
Data to be converted into analog data is digital data that, when D/A converted, yields analog data representing its value. When time-series operation data (direct data) obtained by the user operating an interface is included, the transmission data may be compared with this time-series operation data to judge whether there is matching, non-matching or approximating data.
When this additional data is detected by the exit control unit 11b (step 302 (yes)), the owner check authentication step is started (303).
The exit control unit 11b inputs the data to the D/A converter, and the resulting analog data is input to the comparator 12a, for which a predetermined threshold is set.
When the output of the comparator 12a changes from high to low or from low to high, the value is shown to be owner-created data and owner permission is given (yes).
If permission is not given in step 304, the exit gate is blocked, or at least a setting is made so that packets carrying data in their payload are not output to the outside (306).
Because blocking the exit gate makes the terminal icon disappear on the network, this can in some cases indicate the abnormality to the management server 23.
If owner permission is given in step 304 (yes) and the authentication was by comparison of event data and event time data, the signal processing unit 17 is instructed to produce packet data in which parts of preset authentication data are written into the spare areas of a number of subsequent output packets. In the case of authentication by additional data, the additional data is deleted from the output packet (305), and the signal processing unit 17 is instructed to produce packet data in which parts of preset authentication data are written into the spare areas of a number of subsequent output packets (307).
Step 305 may be unnecessary when the comparison is between the sensor data output by the signal processing unit 17 and the event data or the like temporarily stored by the exit control unit 11b.
An instruction may also be given via the transmission/reception unit A 11d to add new data at the position from which the additional data was deleted.
When time-series operation data exists, it may be converted into authentication data stored in advance.
When authentication is performed by adding additional data to the sensor data, this additional data is removed by replacing it with other authentication data, converting it, or the like, so that authentication data (the additional signal) no longer leaks to the outside; confidentiality increases and the data can be used afresh as authentication data.
The output packet data with the authentication data embedded is sent to the input/output unit 15 (308); the input/output unit 15 modulates and power-amplifies the packet data so that it can be output wirelessly, and outputs it to the antenna 16.
The packet data output from the antenna 16 is received by the wireless router 22 and sent to the management server 23 over the network 24.
The management server 23 separates and extracts the owner authentication data from the received packet data and, by collating it or the like, confirms whether the data comes from a legitimate terminal.
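The exit-side check based on event data and event time data, followed by spreading the authentication data over the outgoing packets and rejoining it at the management server, looks like this in outline. This is an added example, not code from the patent; the event labels, the record and packet layout, the tolerance value, failing closed when no events were recorded, and requiring every recorded event to be found (stricter than the text's "is there such data") are assumptions of the sketch, and the sample data is constructed.

```python
import hmac
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Event:
    """Event data and event time data recorded by the exit control unit."""
    kind: str   # constructed labels: "noise", "hr_high", "hr_low", "stable"
    t: float    # seconds, on the clock shared with the signal processing unit


# One outgoing sensor record: (time, label). "no_data" marks a stretch that the
# signal processing unit removed as noise.
Record = Tuple[float, str]


def classify(event: Event, records: List[Record], tol: float) -> Optional[str]:
    """Return "match", "approximate match" or None for one recorded event."""
    wanted = {"noise", "no_data"} if event.kind == "noise" else {event.kind}
    best = None
    for t, label in records:
        if label not in wanted:
            continue
        dt = abs(t - event.t)
        if dt == 0:
            return "match"                  # same data, or a gap where noise was
        if dt <= tol:
            best = "approximate match"      # time difference within the set width
    return best


def split_auth(auth: bytes, n: int) -> List[bytes]:
    """Cut the preset authentication data into n parts, one per output packet."""
    size = -(-len(auth) // n)               # ceiling division
    return [auth[i * size:(i + 1) * size] for i in range(n)]


def exit_gate(records: List[Record], events: List[Event], auth: bytes,
              tol: float = 0.5, per_packet: int = 2) -> Tuple[bool, List[Dict]]:
    """Return (gate_open, packets); packets is empty when the gate is blocked."""
    if not events:
        return False, []                    # nothing to compare: fail closed (assumed)
    if any(classify(e, records, tol) is None for e in events):
        return False, []                    # step 306: block the exit gate
    payloads = [records[i:i + per_packet] for i in range(0, len(records), per_packet)]
    parts = split_auth(auth, len(payloads))
    # Step 307: each packet carries its payload plus one part of the authentication data.
    return True, [{"payload": p, "auth": a} for p, a in zip(payloads, parts)]


def server_verify(packets: List[Dict], expected_auth: bytes) -> bool:
    """Management-server side: extract the parts, rejoin them and compare."""
    joined = b"".join(p["auth"] for p in packets)
    return hmac.compare_digest(joined, expected_auth)


# Constructed sample: what the exit control unit saw on its own AD-converter tap.
EVENTS = [Event("stable", 10.0), Event("noise", 12.0), Event("hr_high", 20.0)]
# Constructed sample: records the signal processing unit wants to send.
GENUINE = [(0.0, "stable"), (10.0, "stable"), (12.0, "no_data"),
           (20.3, "hr_high"), (30.0, "stable")]
# Constructed sample: records that do not reflect what the sensor produced.
FABRICATED = [(0.0, "stable"), (10.0, "stable"), (20.0, "stable"), (30.0, "stable")]
```

With `FABRICATED` the gate stays shut because neither the noise gap at 12.0 nor the heart-rate event near 20.0 appears in the outgoing records.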
Here, the owner authentication data divided and embedded in the packets may in some cases be handled, like the additional data, by inputting it to a DA converter and then comparing it with a threshold in a comparison unit to confirm that it is true authentication data.
Because IoT devices handle analog data, they use microcomputers, FPGAs and CPLDs with built-in AD and DA converters, so authenticating with analog data allows the configuration to be simplified. In addition, with a physically separate control unit, even if the IoT device is infected by a computer virus and comes under the control of a malicious program, controlling the external connection on the basis of the authentication data cuts the device off from the outside and blocks the effect of the computer virus.
Also, unless data entering through the entrance gate carries authentication data, no executable computer virus is formed in the signal processing unit, so attacks from outside can be blocked.
In the example shown in FIG. 3, when the signal processing unit 17 is about to transmit data to the outside, such as the management server 23, the exit control unit 11b inspects it beforehand. If collation with the event data or the like authenticates it as genuine sensor data, this is reported to the signal processing unit 17, and the signal processing unit 17 sends the sensor data to the management server 23 through the exit gate 14.
When authentication is based on the additional signal and the sensor data carries a genuine additional signal, the signal processing unit 17 is instructed to replace the additional signal with authentication data, so that the output packet data is modified before being output.
When a protocol that allows communication only between the exit control unit 11b and the signal processing unit 17 is used, the exit control unit 11b may in some cases receive, via the exit gate 14, the packet data output from the signal processing unit, inspect it, delete the additional signal, create packet data with new authentication data added, and send this from the exit control unit 11b to the management server 23. In this case the IP address of the exit control unit 11b is preferably registered with the management server 23, although registration may be unnecessary in cases such as encryption, because the decryption process serves as the authentication.
The signal processing unit 17 transmits only the sensor data, the exit control unit 11b transmits the authentication data, and the management server 23 authenticates using both and obtains genuine data.
Next, another embodiment is described with reference to FIG. 4.
In the figure, 40a is an entrance/exit control device, the part that sends and receives data to and from the outside. 40b is a sensor data processing part, which converts the sensor output signal into digital data and outputs it to the transmission/reception unit B 410, which performs short-range transmission and reception using infrared or radio waves as the medium.
401 is a control unit, composed of a microcomputer, FPGA, CPLD or other SoC that includes the DA converter, AD converter and so on shown in FIG. 1. Besides performing the owner authentication operation, it provides means for separating out and forming program data from packet data sent from outside, and it sends the sensor data output by the sensor terminal to the outside as packet data containing authentication data.
402 is an authentication sensor unit, which includes the comparator circuit shown in FIG. 1 and also stores authentication data and the like in advance. The authentication sensor unit may include an analog-to-digital conversion part such as a photocoupler containing a specific sensor, and may be configured to convert the input analog signal once into an optical signal, convert it back into an electrical signal, and convert the resulting analog electrical signal into a digital signal.
The authentication sensor unit may also include, for example, an optical element for which regions of poor conversion efficiency in particular parts of the light wavelength spectrum, not given in its ratings, have been identified in advance, and may authenticate the owner by digital authentication data that can be converted into an analog signal producing output at the wavelengths of that poor-efficiency region.
This authentication sensor unit may work in the same way as the sensor unit 409 and measure the same site.
Making the same measurement forms two sets of indirect interface data, and comparing them may make the owner check possible.
403 is a gate unit, composed of the entrance gate and exit gate shown in FIG. 1, and configured so that it can block or restrict data when abnormal signals are input or output.
404 is an input/output unit, comprising a modulation unit and a demodulation unit for sending and receiving data in the desired frequency band, a power amplifier circuit for sending and receiving packet data through the antenna, and so on.
405 is an antenna, which sends and receives wireless packet data for wireless communication.
406 is the transmission/reception unit A, composed of input/output devices that allow media such as a Bluetooth (registered trademark) inductor, infrared (LED, phototransistor), direct Wi-Fi or ZigBee (registered trademark) to be used.
The transmission/reception unit A 406 may share the antenna 405 and may be used by way of a network.
407 is a signal processing unit, composed of the microcomputer, FPGA, CPLD or other SoC (System-on-a-chip) that makes up the IoT device. It receives the sensor signal data from the sensor unit 409 after digital conversion, stores this digital sensor data temporarily or continuously in the memory of the storage unit 408, and reads and executes programs such as the OS and applications stored in the storage unit 408.
407a is an additional signal output unit, which outputs an additional signal at an arbitrary position when sensor data or the like is output from the signal processing unit 407.
409 is a sensor unit and 408 a storage unit, with the same configuration as in FIG. 1. However, when event data and event time data from the sensor data are sent to the control unit 401 for authentication, an AD converter (not shown) is provided, and the data is converted into digital data by this AD converter and then sent to the transmission/reception unit B 410.
The sensor output of the sensor unit 409 is connected to the transmission/reception unit B 410 and sends the digital sensor signal to the control unit 401.
410 is the transmission/reception unit B, which has the same configuration as the transmission/reception unit of the entrance/exit control device 40a and can communicate with it.
41 is a wireless router capable of wireless communication, in some cases one with a gateway function that also connects to other networks. It sends and receives data using radio waves of several MHz to several tens of GHz as the wireless medium 41a.
42 is a network, typically the Internet, but it may include a local area network or a mobile phone network.
43 is the administrator server, which is for legitimately managing the IoT devices.
The operation of the embodiment shown in FIG. 4 is described below.
Entrance processing
When software for updating, adding to or upgrading the signal processing unit's application program, or another program, is sent from the management server 43 or another IoT terminal, the transmitted data is received at the antenna 405 via the network 42 and the wireless router 41. Because the data is packet data using the TCP/IP protocol, transmission and reception alternate, but for the purposes of explanation the description is limited to data input.
For data input from the legitimate management server 43, such as a program upload, data to that effect is added to the packet data, and the control unit 401 recognizes it and can enter a data reception mode. The entrance/exit control device 40a is therefore configured to be given an IP address, automatically or statically, as proxy for the sensor unit.
The data input to the input/output unit 404 is packet data cut into pieces of 1500 bytes or less, and this packet data is supplied to the control unit 401 through the gate unit 403.
The control unit 401 joins the divided program data written and embedded in the payloads of the packet data, detects authentication data, mainly in the payload portion of the packet data, and, where it is divided, splices it together.
The authentication data and the upload data may be written side by side, separated by a space or the like, or may in some cases be placed in different packets.
The control unit 401 may send the joined authentication data to the authentication sensor unit 402 and collate it with the authentication data stored in advance to determine whether it is legitimate data, or may input it to the DA converter, convert it into an analog signal, and have an analog detection device such as a comparator judge its validity as described for the operation of FIG. 1.
When the control unit 401 has been able to authenticate the input data as legitimate from the judgment signal output by the authentication sensor unit 402, it sends the data to the signal processing unit 407 via the transmission/reception unit A 406 and the terminal transmission/reception unit B 410.
On receiving this data, the signal processing unit 407 stores it in the storage unit 408 and, as necessary, automatically executes the received program.
Exit processing
Authentication based on event data and event time data
The sensor data of the sensor unit 409 is converted into a digital signal and then sent to the control unit 401 via the transmission/reception unit B 410 and the transmission/reception unit A 406.
The control unit 401 detects event data and event time data from this sensor data and records them temporarily.
One or more items of event data are sufficient, but depending on the type of sensor it may be preferable to divide time into intervals and detect event data within each interval.
When sending the sensor data output from the sensor unit 409 to the management server 43, the signal processing unit 407 collates the sensor data sent from the signal processing unit 407 with the event data and event time data and authenticates whether there is data that matches, approximately matches or approximates; if there is, it attaches authentication data and outputs the sensor data to the management server 43.
If there is none, the gate unit 403 is shut off, cutting data transmission and reception, and the management server 43 is thereby informed of the abnormality.
Authentication based on additional data
When sending the sensor data output from the sensor unit 409 to the management server 43, the signal processing unit 407 outputs a transmission start signal, announcing the data transmission to the management server 43, to the terminal transmission/reception unit B 410. The transmission start signal is received by the control unit 401 via the transmission/reception unit A 406 and sent, as a packet signal containing the source IP address (entrance/exit part) and the destination IP address (management server), to the wireless router 41 through the gate unit 403, the input/output unit 404, the antenna 405 and the wireless medium (radio waves) 41a.
The signal processing unit 407 organizes the sensor data and forms it into transmission data, then obtains the additional signal data from the additional signal output unit 407a and transmits it to the control unit 401 together with the sensor data.
The control unit 401 separates the additional signal data from the received sensor data and either transmits it to the authentication sensor unit 402 or inputs it to the built-in DA converter (shown in FIG. 1), converts it into an analog signal, and outputs that to the authentication sensor unit 402. If the additional signal is judged to have been legitimately output from the signal processing unit 407, the authentication data composed of this additional signal, or authentication data prepared in advance, is divided or adjusted for packet transmission. The sensor data is likewise divided and adjusted into packet signal format, and the authentication data packets and the sensor data packets are combined so that they can be told apart, transmitted to the gate unit 403, and output to the antenna 405 via the gate unit 403 and the input/output unit 404.
If the additional signal data is judged, through collation, operation, or the like by the authentication sensor unit 402, not to have been legitimately created by the legitimate signal processing unit 407, the control unit 401 outputs a signal that cuts off transmission of data to the gate unit 403 and suspends the creation of packet data.
When the gate unit 403 interrupts data transmission and reception, the management server 43 recognizes the interruption, for example because the terminal disappears from the network configuration display on the monitor screen of the network management computer of the management server 43, and can thereby establish that there has been an abnormality in the IoT terminal.
Even under a computer virus attack, the attack lands on the control unit 401, and when there is no authentication data the gate unit 403 puts the path into a data cutoff state, so the signal processing unit 407 is unaffected and stable data communication can be performed.
Next, another embodiment will be described with reference to FIG. 5.
In FIG. 5, 50a is an authentication unit and 50b is an IoT terminal unit.
Reference numeral 501 denotes a control unit composed of a microcomputer, FPGA, CPLD, or other SoC equipped with an AD converter, a DA converter, and ports for Bluetooth (registered trademark) output and infrared output. It separates and extracts the additional data and the authentication data from the data input from the signal processing unit 505 and determines by authentication whether the data is legitimate.
Further, the control unit 501 outputs an instruction signal to the instruction output unit 504 based on the result of that determination.
Reference numeral 502 denotes an authentication sensor unit, which has the same configuration as that shown in FIGS. 1 and 4 and includes data for determining the authenticity of the authentication data and additional data input from the control unit 501, a comparator circuit for determining authenticity, and the like.
Reference numeral 503 denotes a transmission/reception unit A, which is composed of a Bluetooth (registered trademark) antenna, an infrared transmission/reception LED, a phototransistor, direct Wi-Fi, and the like.
Reference numeral 504 denotes an instruction output unit, which is composed of the same kind of elements as the transmission/reception unit A503 and may be shared with the transmission/reception unit A503.
Reference numeral 505 denotes a signal processing unit which, as in FIGS. 1 and 4, is composed of a microcomputer, FPGA, CPLD, or other SoC equipped with an AD converter, a DA converter, and the like. It receives data from the sensor unit 506, forms sensor data together with the additional data, converts the result into packet signals, and transmits them to the input/output unit 511.
Further, the signal processing unit 505 combines packet data input from outside and then, without executing it, outputs it as it is to the transmission/reception unit B508.
Reference numeral 505a denotes an additional signal output unit which, as in FIG. 1, generates the additional signal or stores it in advance and outputs it to the signal processing unit 505. In this embodiment, the additional signal is used as the authentication data as it is.
Reference numeral 506 denotes a sensor unit which, like that shown in FIG. 1, has the target sensor and outputs an analog electrical signal. When comparative authentication using event data and event time data is performed, the signal is additionally converted into a digital signal by an AD converter and transmitted to the transmission/reception unit B508.
Reference numeral 507 denotes a storage unit which, like that shown in FIG. 1, is composed of a memory IC, storage media, a storage device, or the like, and stores the OS program, application programs, and sensor data temporarily or continuously.
Reference numeral 508 denotes a transmission/reception unit B, which has the same configuration as the transmission/reception unit A503.
Reference numeral 509 denotes an instruction input unit, which receives the output from the instruction output unit 504 and converts it into instruction data. When the instruction output unit 504 is an infrared LED, the instruction input unit 509 is composed of an infrared light receiving unit.
Reference numeral 510 denotes an instruction unit which, based on the instruction data transmitted from the instruction input unit 509, forms and outputs a signal for stopping the transmission/reception operation of the input/output unit 511.
When the instruction data transmitted from the instruction input unit 509 is instruction data permitting execution of a program (executable instruction data), the instruction unit 510 also transmits the executable instruction data to the signal processing unit 505.
Reference numeral 511 denotes an input/output unit, which modulates and demodulates packet data and, based on instructions from the instruction unit 510, blocks or stops the input and output of the packet data being transmitted and received.
Next, the operation will be described.
Entrance processing
Packet data consisting of program data conveyed via the network 52 is addressed to the IP address of the IoT terminal unit 50b. The transmitted packet data passes through the wireless router 51 and is received by the antenna 512 via a wireless medium 51a such as radio waves.
The packet data input via the antenna 512 is demodulated by the input/output unit 511 and transmitted to the signal processing unit 505. The signal processing unit 505 combines the program data and the authentication data distributed across this packet data to generate one executable program. The authentication data is stored distributed at several places in the program data or written distributed across other payloads, and those parts are either written together with an identifiable code or recorded so that they can be identified by predetermined blanks. The authentication data may be either text data or binary data, and the data may be combined with the blanks and the like left in place and output to the transmission/reception unit B508.
The transmission/reception unit A503 receives this data and transmits it to the control unit 501.
The control unit 501 detects the distributed authentication data, completes it by combining the pieces or the like, and transmits it as it is to the authentication sensor unit 502. If the data is binary data intended for DA conversion, it is sent to the DA converter, converted into an analog signal, and then checked against a threshold, for example by inputting it to the comparator circuit, to confirm whether it is legitimate data.
If the data is legitimate, a signal to that effect is transmitted to the instruction output unit 504.
The instruction data from the instruction output unit 504 is received by the instruction input unit 509, which transmits executable instruction data to the instruction unit 510, and the instruction unit 510 outputs an execution permission signal to the signal processing unit 505.
The execution permission signal is delivered by outputting a "1" signal to a specific digital input port. The program of the signal processing unit 505 recognizes this and causes the signal processing unit 505 to execute the program.
If the data is not legitimate, a signal to that effect is transmitted to the instruction output unit 504. The instruction output unit 504 outputs a signal indicating that the data is not legitimate to the instruction input unit 509, and the instruction input unit 509 outputs this signal to the instruction unit 510.
The instruction unit 510 outputs a signal to the input/output unit 511 to cut off the transmission/reception path. The input/output unit 511 cuts off the transmission/reception path.
The management server 53 detects the interruption of data and confirms that there has been an abnormality in the IoT terminal.
In addition, an erase signal, which serves as an execution non-permission signal, is transmitted to another input port of the signal processing unit 505. The signal processing unit 505 monitors the signal arriving at this other input port and, on the basis of this signal, erases the combined program data held internally.
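The entrance processing of FIG. 5 described above, as an added Python sketch that is not code from the patent: the signal processing unit combines the payloads without executing them, the control unit collects the scattered authentication fragments, and the result either raises the execution permission signal or erases the program and cuts the path. The marker syntax `<<AUTH:index:hex>>`, the `Terminal` class, the function names and all sample values are assumptions constructed for illustration.

```python
import hmac
import re
from dataclasses import dataclass
from typing import Optional

# Assumed marker format (the text only says "an identifiable code"):
#   <<AUTH:index:hex-bytes>>
MARK = re.compile(rb"<<AUTH:(\d+):((?:[0-9a-f]{2})+)>>")


@dataclass
class Terminal:
    """Hypothetical model of the IoT terminal unit 50b."""
    exec_permit: int = 0              # "1" on the digital input port of unit 505
    io_open: bool = True              # transmission path of input/output unit 511
    combined: Optional[bytes] = None  # program held, not executed, by unit 505


def combine(packets):
    """Unit 505: join payloads in sequence order, markers left in place."""
    return b"".join(payload for _, payload in sorted(packets))


def extract_auth(blob):
    """Unit 501: collect the scattered fragments and join them by index."""
    frags = {}
    for m in MARK.finditer(blob):
        idx = int(m.group(1))
        if idx in frags:              # the same index twice is not legitimate
            return None
        frags[idx] = bytes.fromhex(m.group(2).decode("ascii"))
    if not frags or sorted(frags) != list(range(len(frags))):
        return None                   # nothing found, or a gap in the indices
    return b"".join(frags[i] for i in range(len(frags)))


def ingress(term, packets, stored_auth):
    """Run one received program through the check and set the terminal state."""
    term.combined = combine(packets)
    auth = extract_auth(term.combined)
    if auth is not None and hmac.compare_digest(auth, stored_auth):
        term.exec_permit = 1          # execution permission signal
        return "permit"
    term.exec_permit = 0
    term.combined = None              # erase signal: drop the combined program
    term.io_open = False              # unit 511 cuts the transmission path
    return "blocked"


# Constructed sample input. Packets arrive out of order and one marker is
# split across a packet boundary, so fragments are searched after combining.
STORED_AUTH = bytes.fromhex("a1b2c3d4")
GOOD = [(2, b"tail<<AUTH:1:c3d4>>"), (0, b"head<<AUTH:0:a1"), (1, b"b2>>body")]
MISSING = [(0, b"head<<AUTH:0:a1b2>>"), (1, b"bodytail")]
WRONG = [(0, b"head<<AUTH:0:a1b2>>"), (1, b"body<<AUTH:1:ffff>>")]

if __name__ == "__main__":
    for name, pkts in (("good", GOOD), ("missing", MISSING), ("wrong", WRONG)):
        t = Terminal()
        print(name, ingress(t, pkts, STORED_AUTH), t)
```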
Exit processing
Authentication based on event data and event time data
The sensor data of the sensor unit 506 is converted into a digital signal and then transmitted to the control unit 501 via the transmission/reception unit B508 and the transmission/reception unit A503.
The control unit 501 detects event data and event time data from this sensor data and temporarily records them in internal memory.
One or more items of event data are sufficient, but depending on the type of sensor it may be preferable to divide time into intervals and detect event data within each interval.
When the signal processing unit 505 transmits the sensor data output from the sensor unit 506 to the management server 53, the sensor data transmitted from the signal processing unit 505 is compared with the event data and the event time data to authenticate whether there is data that matches, substantially matches, or approximates. If there is, authentication data is attached and the sensor data is output to the management server 53.
If there is not (the sensor data is false), the instruction output unit 504 outputs a signal indicating that the sensor data is not to be transmitted.
The signal output from the instruction output unit 504 passes through the instruction input unit 509 to the instruction unit 510, which either outputs a signal to the effect that the sensor data is not to be transmitted from the signal processing unit 505 or sends an entrance/exit cutoff signal to the input/output unit 511. When the entrance/exit is cut off, the management server 43 is thereby notified of the abnormality.
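The event-based exit check described above, as an added Python sketch that is not code from the patent: the control unit records events from the raw sensor stream, then compares the data the signal processing unit wants to send against them with tolerances for "substantially matches or approximates". What counts as an event (a jump of at least `step` between samples), the tolerances, the rule that every recorded event in the outbound time span must be present (the text asks only for one or more), and all sample values are assumptions constructed for illustration.

```python
from collections import deque
from dataclasses import dataclass, field
from typing import Optional

AUTH_DATA = b"constructed-auth-data"   # placeholder for the attached authentication data


@dataclass
class ControlUnit:
    """Hypothetical model of control unit 501 on the exit path."""
    step: float = 2.0      # assumed: change between samples that counts as an event
    t_tol: float = 0.5     # assumed tolerance on event time (seconds)
    v_tol: float = 0.3     # assumed tolerance on event value
    events: deque = field(default_factory=lambda: deque(maxlen=64))  # temporary record
    gate_open: bool = True
    last: Optional[float] = None

    def observe(self, t, v):
        """Record (event time, event value) from the raw sensor stream."""
        if self.last is not None and abs(v - self.last) >= self.step:
            self.events.append((t, v))
        self.last = v

    def authenticate(self, outbound):
        """True if every recorded event inside the outbound time span has a
        matching or approximating sample, and there is at least one."""
        if not outbound:
            return False
        lo = min(t for t, _ in outbound) - self.t_tol
        hi = max(t for t, _ in outbound) + self.t_tol
        due = [e for e in self.events if lo <= e[0] <= hi]
        return bool(due) and all(
            any(abs(t - et) <= self.t_tol and abs(v - ev) <= self.v_tol
                for t, v in outbound)
            for et, ev in due)

    def egress(self, outbound):
        """Forward with authentication data attached, or cut the path."""
        if self.gate_open and self.authenticate(outbound):
            return {"auth": AUTH_DATA, "data": list(outbound)}
        self.gate_open = False   # the server sees the terminal go silent
        return None


# Constructed sample data: (time in seconds, temperature).
RAW = [(0.0, 20.0), (1.0, 20.1), (2.0, 23.5), (3.0, 23.4), (4.0, 20.2), (5.0, 20.1)]
# What the signal processing unit sends when it reports the real readings
# (resampled and rounded, hence "approximate").
GENUINE = [(0.0, 20.0), (2.1, 23.4), (4.0, 20.3), (5.0, 20.1)]
# A flat stream that was never produced by the sensor.
FORGED = [(0.0, 20.0), (1.0, 20.0), (2.0, 20.1), (3.0, 20.0), (4.0, 20.0), (5.0, 20.1)]


def demo():
    cu = ControlUnit()
    for t, v in RAW:
        cu.observe(t, v)
    return cu, cu.egress(GENUINE), cu.egress(FORGED), cu.egress(GENUINE)


if __name__ == "__main__":
    print(demo())
```

The forged stream happens to approximate the second event (the return to baseline at 4.0 s), which is why this sketch requires all recorded events in the span rather than any one of them.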
Authentication using additional signal data
The signal processing unit 505 transmits the sensor data and the additional signal data sent from the additional signal output unit 505a to the transmission/reception unit B508.
The sensor data and the additional signal data output to the transmission/reception unit B508 are conveyed to the transmission/reception unit A503 and supplied to the control unit 501.
The additional signal data is, for example, transmitted to the authentication sensor unit 502 and collated with authentication data (additional signal data) stored in advance, or input to the DA converter and then compared with threshold data by the comparator circuit. If they match, a signal indicating that the signal is legitimate is output to the instruction output unit 504 and transmitted to the instruction unit 510 via the instruction input unit 509.
The instruction unit 510 outputs a signal permitting transmission to a specific port of the signal processing unit 505 and also outputs a permission signal to a specific input port of the input/output unit 511.
The input/output unit 511 enables connection to the outside based on this permission signal.
If the control unit 501 judges that the data is not legitimate, it outputs that result to the instruction output unit 504, and a signal indicating that the data is not legitimate is output to the instruction unit 510 via the instruction input unit 509. The instruction unit 510 outputs an erase signal to a specific input port of the signal processing unit 505, and the signal processing unit 505 erases the data.
Furthermore, the instruction unit 510 cuts off the data transmission/reception path of the input/output unit 511 and thereby informs the management server 53 of the abnormality of the IoT terminal.
This embodiment shows a configuration, centered on the IoT terminal, in which the authentication unit is used as an external unit. Making the authentication unit easy to exchange allows authentication across a wider range of applications.
Next, another embodiment of the present invention will be described with reference to FIG. 6.
FIG. 6 shows an embodiment that makes decryption by outside parties still more difficult during the owner check and so performs stable authentication.
In FIG. 6, reference numeral 601 denotes a control unit, which is composed of a microcomputer or other SoC and has the same configuration as the embodiment shown in FIG. 1.
Reference numeral 601a denotes a transmission/reception unit A, which is composed of an LED, an infrared LED, an antenna, a phototransistor, and the like. Like the transmission/reception units in FIG. 1 and elsewhere, it transmits and receives data over short distances via a wireless medium 601a1 such as infrared rays or radio waves.
Reference numeral 602 denotes an entrance gate, which is formed of a bus switch, an analog switch, a relay switch, a logic-type digital switch, an IC chip that can turn data transmission on and off, or another SoC device capable of putting the transmission path into a state in which data is not transmitted or received.
Reference numeral 603 denotes an exit gate, which is formed of the same kinds of hardware switches as the entrance gate 602.
Reference numeral 604 denotes an XOR (exclusive OR) gate, which is preferably composed of an XOR gate IC or a logic IC but may be implemented in software on the control unit 601.
Reference numeral 605 denotes a sequence generator A, which outputs a predetermined number of discontinuous numerical values or binarized data arranged in sequence. Reference numeral 606 denotes a sequence generator B and 607 a sequence generator C. They have the same configuration as the sequence generator A605 but output sequence data with mutually different patterns. When the data is binary and is processed in hardware, the sequence is represented as a binarized data string.
Reference numeral 60a denotes a selector for selecting the combination of the sequence generator A605, the sequence generator B606, and the sequence generator C607. It makes the selection according to an input selection signal.
For example, when the selection signal is BCA, the outputs are produced in the order sequence generator B606 for a predetermined time, sequence generator C607 for a predetermined time, and sequence generator A605 for a predetermined time. The OR gate 60b merges them onto one signal path and outputs the result to the XOR gate.
The predetermined time is a preset time and is adjusted according to the size of the additional data and the authentication data.
When implemented in software, the sequence generators A605 to C607 are preferably sequence generators based on text data.
Reference numeral 60b denotes an OR gate, which is composed of a CMOS, TTL, or general-purpose logic IC with three input terminals. It adds three digital signals and converts them into one digital signal for output.
Reference numeral 608 denotes a DA converter, a unit (circuit) that converts a digital signal into an analog signal. If the control unit 601 has a built-in DA converter, that converter may be used.
Reference numeral 609 denotes an authentication device, which is connected to the output of the DA converter 608 or the XOR (exclusive OR) gate 604. It compares and collates the decrypted authentication data with authentication data stored in advance, or compares the analog output value against a threshold using a comparator circuit.
The authentication device 609 outputs the result of the comparison or collation to the control unit 501.
Reference numeral 610 denotes an input/output unit, a circuit that performs modulation, demodulation, and power amplification for wireless communication.
Reference numeral 611 denotes an antenna, which is composed of a conductive member, a coil, or the like that transmits and receives modulated data in a predetermined frequency band.
Reference numeral 612 denotes a signal processing unit, which includes an AD converter, a DA converter, and Bluetooth (registered trademark) and infrared transmission/reception ports, and overall has the same configuration as in FIG. 1. It converts data combining the sensor data of the sensor unit 613 and the additional data into packet data and outputs it.
Reference numeral 612a denotes an additional data output unit, which is formed of analog or digital data whose content indicates that the output data is legitimate, and has the same configuration as that shown in FIG. 1.
The content of the data for the additional data output unit 612a may be stored in advance in the storage unit 614 and read out and used when needed.
Reference numeral 612b denotes a transmission/reception unit B, which is composed of a phototransistor, a CDS, a photodiode, an antenna, and the like. Paired with the transmission/reception unit A, it transmits and receives data using the wireless medium 601a1 such as infrared rays or radio waves.
Reference numeral 613 denotes a sensor unit with the configuration shown in FIG. 1. A temperature sensor, for example, outputs analog data representing the temperature value, which is converted into a digital signal by the AD converter built into the signal processing unit 612 or by an independent AD converter, and the digital signal is output.
Reference numeral 614 denotes a storage unit, which is composed of digital memory. It stores the OS program, application programs, and the like, and also stores the digital data output by the sensor, in binary or text format, temporarily or continuously.
The operation of the embodiment shown in FIG. 6 will now be described.
Exit processing
Authentication using event data and event time data
The analog sensor data output from the sensor unit 613 is converted into digital data by an AD converter (not shown) and then transmitted to the control unit 601, where event data and event time data are detected and temporarily stored.
When the signal processing unit 612 is about to transmit sensor data to the management server 64, the sensor data is first transmitted to the control unit 601 via the transmission/reception unit B612b and the transmission/reception unit A601a, and it is authenticated whether there is a part that matches, substantially matches, approximates, or corresponds to the event data and the event time data.
If there is a matching, substantially matching, approximating, or corresponding part, the control unit 601 outputs a transmission permission signal to the transmission/reception unit A601a. When the signal processing means 612 receives the transmission permission signal via the transmission/reception unit 612b, it transmits sensor data with additional data attached (data that can be converted into an analog signal already authenticated as genuine) to the exit gate 603.
When the signal processing unit 612 is about to transmit sensor data or the like to the outside, it combines the additional data with the sensor data and outputs the packetized data toward the transmission/reception unit 612b.
On receiving this packet data, the transmission/reception unit 612b transmits it to the control unit 601 via the transmission/reception unit 601a.
The control unit 601 outputs the received additional data to the DA converter 608.
The additional data input to the DA converter 608 is converted into an analog signal and compared with a threshold by the comparator circuit of the authentication device 609, and the result is output to the control unit 601.
The control unit 601 combines, through the OR gate, the output sequences of the sequence generator A605 through the sequence generator 607 as arranged by the selector 60a according to the sequence selection signal, forming a combined composite sequence. The additional data is encrypted by inputting it and this composite sequence data to the XOR gate 604. The encrypted additional data and the sequence selection data are then combined and transmitted from the transmission/reception means A601a via the transmission/reception means B612b to the signal processing unit 612. The signal processing unit 612 rebuilds the packet data with the encrypted additional data and the selection data embedded and outputs it to the input/output unit 610 via the exit gate 603.
If there is no matching, substantially matching, approximating, or corresponding part, the exit gate 603 is shut off and the management server 64 is notified of the abnormality.
Authentication when additional data (additional signal data) is combined with the sensor data and there is no authentication by event data or the like
When the signal processing unit 612 is about to transmit sensor data or the like to the outside, it combines the additional data with the sensor data and outputs the packetized data toward the transmission/reception unit 612b.
On receiving this packet data, the transmission/reception unit 612b transmits it to the control unit 601 via the transmission/reception unit 601a.
The control unit 601 outputs the received additional data to the DA converter 608.
The additional data input to the DA converter 608 is converted into an analog signal and compared with a threshold by the comparator circuit of the authentication device 609, and the result is output to the control unit 601.
If the authentication result of the authentication device 609 is true, the control unit 601 combines, through the OR gate, the output sequences of the sequence generator A605 through the sequence generator 607 as arranged by the selector 60a according to the sequence selection signal, forming a combined composite sequence. The additional data is encrypted by inputting it and this composite sequence data to the XOR gate 604. The encrypted additional data and the sequence selection data are then combined and transmitted from the transmission/reception means A601a via the transmission/reception means B612b to the signal processing unit 612. The signal processing unit 612 rebuilds the packet data with the encrypted additional data and the selection data embedded and outputs it to the input/output unit 610 via the exit gate 603.
The input/output unit 610 modulates this and outputs it wirelessly from the antenna 611, and it is transmitted to the wireless router 62 via the wireless medium 62a. The sensor data that reaches the wireless router 62 is transmitted to the management server 64 via the network 63.
The management server 64 has the configuration shown in FIG. 6. It separates and extracts the encrypted authentication data and the selection data, selects among the sequence generators A to C based on the selection data, and inputs the sequence data composed by the OR gate together with the encrypted additional data to the XOR converter, which restores the additional data. Whether the data is legitimate is judged from the result of inputting it to the DA converter and the authentication device and comparing it with a threshold in the comparator circuit.
If the additional data is false, the control unit 601 shuts off the exit gate 603. Because this cuts off the exchange of packet data, the management server 64 can notice the abnormality.
Entrance processing
An executable data packet, such as an update program, is transmitted from the management server 64 or the like via the network 63. The packet data contains encrypted authentication data and sequence generator selection data.
The wireless router 62 modulates this data packet onto a carrier wave and outputs it wirelessly, and the antenna 611 receives it via the wireless medium 62a.
The modulated packet data received by the antenna 611 is demodulated by the input/output unit 610 and transmitted to the control unit 601 through the entrance gate 602.
The control unit 601 extracts the encrypted authentication data from the demodulated packet data, extracts the selection data that selects the sequence generators, and inputs the selection data to the selector 60a.
The selector 60a generates a composite sequence by combining the outputs of the sequence generators through the OR gate 60b in the order given by the selection data. The composite sequence data and the encrypted authentication data are input to the XOR gate 604 for decryption, and the decrypted authentication data is input to the DA converter 608. The composite sequence data used for encryption and for decryption is synchronized.
The DA converter 608 converts the input digital signal into an analog signal, which is input to the comparator circuit of the authentication device 609 and compared with a threshold.
If the threshold comparison shows that the threshold is exceeded, or that the data lies within the range between the upper and lower threshold voltages, the data is treated as genuine authentication data: the authentication device 609 sends data to that effect to the control unit 601, and the control unit 601 transmits the packet data to the signal processing unit 612 via the entrance gate 602.
Transmitting the packet data to the signal processing unit 612 anew at this point takes time and may interfere with communication. It is therefore preferable to transmit the packet data to the signal processing unit 612 and the control unit 601 simultaneously, with the signal processing unit 612 combining the divided data up to the point of forming executable program data, and with the drive (execution) performed on the basis of an execution permission signal input to the transmission/reception means B 612b or a signal from the control unit 501.
If the restored authentication data is false, the control unit 501 cuts the connection between the input gate 602 and the input/output unit 610. This cut-off allows the management server 64 to notice that an abnormality has occurred in the IoT terminal.
Furthermore, if packet data and the program data formed by combining it have already been sent to the signal processing unit 612, command data for deleting them is transmitted via the transmission/reception unit A 601a.
The signal processing unit 612 receives this command data signal via the transmission/reception unit B 612b and deletes the packet program and the combined program based on the command data.
The stream cipher method using an XOR (exclusive OR) gate is very simple yet can form a strong cryptosystem. Implementing it as a circuit device is therefore suitable, because an owner check based on authentication data can be realized while reducing the burden on the IoT device. Although a synthesis technique was used in which several sequence generators are prepared and combined to form random number data, the method is not limited to this: because the authentication data and the additional data are small, a single random number generator may be sufficient in some cases.
In a stream cipher using an XOR gate, the random numbers input for encryption and for decryption are preferably synchronized.
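The composite keystream and XOR gate described above can be modelled in software, as an added example that is not part of the patent text. The 16-bit LFSR standing in for each sequence generator, the seeds, the tuple form of the selection data and all names are assumptions. The model also measures the share of 1 bits in the keystream, because OR-combining two balanced streams skews it toward 1 (about 3/4), a property worth checking before relying on the construction.

```python
"""Added example: OR-composited keystream feeding an XOR gate (model only)."""


class LFSR16:
    """16-bit Fibonacci LFSR used as a stand-in sequence generator (assumption)."""

    def __init__(self, seed):
        if not 0 < seed < (1 << 16):
            raise ValueError("seed must be a non-zero 16-bit value")
        self.state = seed

    def next_bit(self):
        s = self.state
        out = s & 1
        # Feedback taps 16, 14, 13, 11: maximal period of 65535 bits.
        feedback = (s ^ (s >> 2) ^ (s >> 3) ^ (s >> 5)) & 1
        self.state = (s >> 1) | (feedback << 15)
        return out


class CompositeKeystream:
    """Models the selector and OR gate: ORs the generators named by the selection data."""

    def __init__(self, seeds):
        self.generators = [LFSR16(seed) for seed in seeds]

    def next_byte(self, selection):
        value = 0
        for _ in range(8):
            # Every generator is clocked so both ends stay in step
            # regardless of which generators the selection data names.
            bits = [g.next_bit() for g in self.generators]
            combined = 0
            for index in selection:
                combined |= bits[index]
            value = (value << 1) | combined
        return value


def xor_gate(data, keystream, selection):
    """XOR each data byte with the next composite keystream byte."""
    return bytes(b ^ keystream.next_byte(selection) for b in data)


SEEDS = (0xACE1, 0x1D2C, 0x7B3F)   # constructed generator seeds
AUTH_DATA = b"owner-check-0001"    # constructed authentication data


def round_trip(selection, receiver_skip=0):
    """Encrypt on the sender, decrypt on the receiver.

    receiver_skip > 0 models a receiver whose generators have lost
    synchronization with the sender by that many bytes.
    """
    sender = CompositeKeystream(SEEDS)
    receiver = CompositeKeystream(SEEDS)
    for _ in range(receiver_skip):
        receiver.next_byte(selection)
    ciphertext = xor_gate(AUTH_DATA, sender, selection)
    return xor_gate(ciphertext, receiver, selection)


def ones_fraction(selection, nbytes=8192):
    """Share of 1 bits in the composite keystream over about one LFSR period."""
    ks = CompositeKeystream(SEEDS)
    ones = sum(bin(ks.next_byte(selection)).count("1") for _ in range(nbytes))
    return ones / (8 * nbytes)


if __name__ == "__main__":
    print("in sync :", round_trip((0, 2)))
    print("desynced:", round_trip((0, 2), receiver_skip=1))
    print("ones, one generator :", round(ones_fraction((0,)), 3))
    print("ones, two OR-combined:", round(ones_fraction((0, 2)), 3))
```

A keystream that is three-quarters ones leaves roughly three-quarters of the plaintext bits inverted rather than uniformly masked, so any bias test on the combined stream belongs in the acceptance checks for such a device.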
Another embodiment of the present invention will be described with reference to FIGS. 7(a) and 7(b).
In the figure, reference numeral 70 denotes an inspection unit. It includes the sensing unit that serves the device's purpose (a temperature, humidity, atmospheric pressure, illuminance, noise, body temperature, electrocardiogram or other sensor, or the sensing unit of a television, digital camera, digital audio player, HD recorder or the like), combined with a control unit for the owner check.
Specifically, it is a custom or semi-custom small or ultra-small single-board computer equipped with a CPU, GPU, onboard memory, CFAST, CF, SD, USB memory, mSATA or other memory, IO ports such as GPIO, serial ports such as UART and RS232C, and so on. It takes the form of an independent terminal or an accessory terminal used by plugging into the USB socket of a PC (personal computer), and is built into whichever part of the IoT device requires it.
Next, the configuration of the inspection unit 70 will be described.
Reference numeral 701 denotes a signal processing unit, which consists of a CPU, GPU, FPGA, CPLD, the memory described above and the like, and operates under software or hardware logic.
The signal processing unit 701 has a function of transmitting the sensor signal sent from the synthesis unit 709 to the center server 73, as well as a function of processing that signal and transmitting data to other IoT terminals. It may output to the input/output unit either a signal that includes the schedule signal or separately distinguished signals, or it may output at least the separated schedule signal alone to the control unit 707.
Reference numeral 702 denotes a sensor unit. It performs the intended sensing (temperature, humidity, atmospheric pressure, illuminance, noise, body temperature, electrocardiogram or other sensors, or the sensing in a television, digital camera, digital audio player, HD recorder or the like) and outputs the result as a digital or analog signal.
Reference numeral 703 denotes an additional unit, which consists of a computer such as a PIC microcontroller or an ASIC such as an FPGA or CPLD, and outputs a scheduled feature signal. In response to a request signal from the signal processing unit 701, it creates the time schedule data and a noise-like signal, following that time schedule, relative to the signal output by the sensor unit 702, and it outputs the time schedule signal to the signal processing unit 701 or the control unit 707.
The additional unit 703 stores at least a plurality of schedules and random numbers, and is connected to the signal processing unit 701 only for a predetermined period, during which the schedule is set. The predetermined period is the time from a reset until the first external input via the network, and is the period in which the schedule can be set.
The signal output by the additional unit 703 is a kind of scheduled noise signal. Its frequency band is preferably narrow enough to be removed with a filter and separated from the frequency band of the analog signal output by the sensor unit 702; in any case, a signal that can be separated easily is preferred.
The schedule signal is preferably a narrow-band pulse signal, easy to remove by filtering, whose amplitude value, pulse interval and pulse amplitude are varied at predetermined times when it is output. Data is created that puts the pulse interval, pulse width and pulse amplitude of this schedule signal on a time schedule.
The signal is not limited to pulses. In the case of pixel values, for example, a digital schedule of changes in position coordinates, luminance values and the like is one example.
Reference numeral 704 denotes storage unit A, which mainly stores the OS program, application programs and the like, and whose writability is controlled by a switch such as a manually operated write-enable switch, or a transistor or FET relay that enables or disables writing by an electric signal.
By default it is preferably set to a write-disabled (read-only) state, with the write-enabled state made available by external operation when needed. It preferably has both a hardware switch and a software switch; complete protection is achieved when both switches are set to protect.
Examples of the software switch are, on Windows, the state in which volume protection is enabled in uwfmgr.exe, and on Linux, making the file system read-only with OverlayFS, UnionFS, or a combination of aufs and fsprotect.
Hardware protection is exemplified by a setting that outputs a Disable signal to the write terminal. Commercially available examples include products with a hardware protect switch on the housing (made by CUCTUS), Cfast-type memory whose accompanying reader has a write-protect switch, and USB memory with a write-protect switch (made by Buffalo and others).
Fitting both kinds of protection makes it possible to form a complete read-only configuration that compensates for security holes in the software protection.
Alternatively, as with an SD card, a circuit may be used that externally recognizes the write-protect state from the state of the switch on the side of the card and controls reading and writing accordingly.
The storage unit 704 preferably holds software that is not upgraded for long periods, such as in LTSB mode. When an update is performed, it is preferable that the control unit 707 first releases the hardware protect switch, which consists of a relay circuit, and then, while the signal processing unit 701 is in the clean state that lasts from a reset until it performs external processing, sends an instruction signal to the signal processing unit 701, which starts the process module that releases the software protection.
The signal processing unit 701 and the control unit 707 are preferably configured so that they can be connected from the time the signal processing unit 701 restarts until it communicates with the outside.
Reference numeral 705 denotes storage unit B, which can store data temporarily or continuously. In place of the non-writable storage unit A 704, it mainly stores data in a form that does not affect the computer's operating code. A form that does not affect the operating code means, at minimum, a form that the signal processing unit 701 cannot directly reference at startup and does not load at startup. The data may be in text, jpeg, exe, dll or similar formats, but the signal processing unit 701 always starts by the same fixed process, and the data is stored in a state that cannot be referenced during that process (for example, placed in a folder or a compressed folder).
Reference numeral 706 denotes an input/output unit, formed by a router, a wireless LAN unit of the kind called a base unit configured as an access point, or the like.
Reference numeral 707 denotes a control unit, formed of a computer similar to the signal processing unit 701. Besides outputting a reset signal to the signal processing unit 701, the control unit 707 inputs data at a predetermined time of the control unit 701.
Reference numeral 708 denotes an antenna, made of a conductive member such as is used for WiFi. This embodiment uses WiFi electromagnetic-wave communication; when another transmission medium such as infrared is used, the corresponding element applies, for example a light-emitting diode in the case of optical communication.
Reference numeral 709 denotes a synthesis unit, which consists of a computer, FPGA, CPLD or the like and combines the analog or digital output signals of the sensor unit 702 and the additional unit 703. Examples of the combining operation are OR, AND and XOR.
Reference numeral 71 denotes a relay terminal; 72, a network such as the wired or wireless Internet or an intranet; and 73, a center server, formed for example as a cloud service, that manages and controls the terminals. The relay terminal 71 consists of a modem, an access point router or the like, and connects to the network 72 such as the Internet.
The center server 73 is, for example, an unattended or attended server in a managing role: it obtains information from the IoT terminals, processes it according to its purpose, and transmits command data and the like.
Reference numeral 71a denotes a transmission medium: a LAN cable if wired, or electromagnetic waves, laser light, infrared light, visible light or the like if wireless.
Next, the operation of the embodiment will be described with reference to FIG. 7(b).
The signal processing unit 701 loads and executes the program in the storage unit A 704. Because the storage unit A 704 is read-only and execution proceeds with the initial state preserved, the unit is always in a clean state at startup.
During this clean state, limited communication with the control unit 707 may take place.
Examples are updates and corrections to programs such as the OS and applications stored in the storage unit A 704.
It is preferable that firmware such as the program forming the BIOS can also be updated or corrected only during this period.
Starting (or restarting) the inspection unit 70
After startup, the signal processing unit 701 outputs to the additional unit 703 a signal instructing it to create a schedule signal. The additional unit 703 forms the schedule signal and then outputs it to the signal processing unit 701. When the schedule signal is a pulse train, for example, the parameters specifying the pulse interval, pulse width and pulse amplitude are preferably different every time, although a periodicity comparable to that of random numbers is acceptable.
The parameter data of the schedule signal created by the additional unit 703 is output to the signal processing unit 701.
The signal processing unit 701 outputs this parameter data to the control unit 707 between the restart and the first update with the outside.
The control unit 707 preferably stores this data in flash memory such as eMMC, RAM or the like only while the data is in use, and overwrites and thereby erases it when new schedule parameter data arrives.
This data indicates at which part of the combined signal output by the synthesis unit 709 the feature signal (noise signal) is added; for a temperature sensor, for example, a feature signal (planned noise) is deliberately added to the analog data it outputs. The feature signal is preferably one that can later be removed by filtering. A plurality of feature points are set and added in advance, and the data selects and reports which feature points are used.
The above operations are preferably performed after a start or restart and at least before the connection with the outside begins and data is input from the outside.
This is because the signal processing unit 701 reads and executes the OS and the like from the read-only storage unit A 704, so a clean state always holds until data is input from the outside.
After outputting the schedule data to the control unit 707, the signal processing unit 701 completely erases the related data. As a result, even if malware infects the signal processing unit 701 and searches for the related data, the data itself no longer exists, and the schedule signal cannot be obtained.
Execution of the check by the owner unit
Here, with the control unit 707 acting as the owner unit, the sensor unit 702 performs the intended sensing and transmits the analog signal shown in (i) of FIG. 7(b) to the signal processing unit. Alternatively, although not shown, the signal is converted to a digital signal by an AD converter and output.
Based on the parameters that were set, the additional unit 703 outputs the schedule signal shown in (ii) of FIG. 7(b) to the synthesis unit 709 via the terminal 703a. The signal in (ii) of FIG. 7(b) is analog, but it may instead be converted into a digital signal.
The schedule data indicates at which part the additional unit 703 adds the characteristic signal relative to the sensor unit 702; for a temperature sensor, for example, a feature signal (planned noise) is deliberately added to the analog data it outputs. The feature signal is preferably one that can later be removed by filtering. A plurality of characteristic signals are set and added in advance, and the data selects and reports which feature points are used.
The sensor unit 702 performs sensing suited to its purpose, such as temperature, speed or images, and outputs the result to the synthesis unit 709 via the output point 702a ((i) in FIG. 7(b)). The sensed output may take the form of an analog signal, a digital signal produced by AD conversion, or another numerical signal.
The additional unit 703 outputs the additional signal set during the start or restart configuration ((ii) in FIG. 7(b)) to the synthesis unit 709 via the output terminal 703a.
The synthesis unit 709 combines these inputs, for example as shown in (iii) of FIG. 7(b), and outputs the result to the signal processing unit 701.
The signal processing unit 701 processes the data according to its purpose and outputs it to the input/output unit 706.
The input/output unit 706 outputs this data via the antenna 708 to the relay terminal 71, which connects to the network 72 such as the Internet.
The input/output unit 706 also transmits this data to the control unit 707.
The data that the input/output unit 706 sends to the control unit 707 is, for example, a signal similar to a capture signal, though it may instead be data separately adapted for the control unit 707. In any case, because the signal processing unit 701 itself may be infected with a computer virus or the like, the control unit 707 preferably obtains the data from the input/output unit 706.
In addition to the signal from the input/output unit 706, the control unit 707 may also receive the sensor signal directly from the signal processing unit 701.
Regarding the signal processing unit 701, when the combined signal output from the synthesis unit 709 is, for example, an analog signal and is transmitted after conversion to a digital signal, the digitized sensor signal is searched for the presence of the additional signal on the basis of the schedule data of the additional unit 703 sent in advance from the signal processing unit 701. If the signal conforms to the schedule signal, a signal permitting output from the input/output unit 706 to the outside is output as enable. If it does not conform, it is judged that the signal processing unit 701 has an infection by a computer virus, malware or the like, or some other abnormality, and the reset signal 707a is output to the signal processing unit 701.
On receiving the reset signal, the signal processing unit 701 restarts from the contents of the read-only storage unit 704.
This restart returns the unit to its original state. If it had been infected with a computer virus or the like, the infection is completely erased; the additional unit 703 creates schedule data different from the previous data, and this schedule data is sent from the signal processing unit 701 to the control unit 707 within a predetermined time after the restart.
Because the transmission output schedule of the additional unit 703, which is based on the schedule data, is thus difficult to obtain during the period in which the signal processing unit 701 can be infected (networked after a restart, following the first access from the outside), only the control unit 707, the owner unit that stores the schedule, is able to perform the check.
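The check performed in this embodiment can be sketched in software, as an added example that is not part of the patent text: an additional unit draws a fresh pulse schedule at each boot, a synthesis unit superimposes it on the sensor output, the control unit looks for the scheduled pulses, and a receiver removes them with a filter. The additive combination, the median filter, the tolerance values, the constructed temperature trace and all function names are assumptions.

```python
"""Added example: scheduled feature-signal check from the FIG. 7 embodiment (model only)."""
import math
import random
import statistics

MARGIN = 5   # samples kept free around each pulse so baselines stay clean


def make_schedule(n_samples, n_pulses=4, rng=None):
    """Additional unit: fresh (start, width, amplitude) pulses for each boot."""
    rng = rng or random.SystemRandom()
    slot = n_samples // n_pulses
    schedule = []
    for k in range(n_pulses):
        width = rng.randint(1, 3)
        start = k * slot + rng.randint(MARGIN, slot - MARGIN - width)
        schedule.append((start, width, rng.choice((2.0, 3.0, 4.0))))
    return schedule


def sensor_trace(n_samples):
    """Constructed slow temperature signal in degrees C."""
    return [20.0 + 0.5 * math.sin(i / 30.0) for i in range(n_samples)]


def combine(sensor, schedule):
    """Synthesis unit: superimpose the scheduled pulses (addition is an assumption)."""
    out = list(sensor)
    for start, width, amplitude in schedule:
        for i in range(start, start + width):
            out[i] += amplitude
    return out


def control_unit_check(samples, schedule, tol=0.5, guard=3):
    """Control unit: True means enable output, False means raise the reset signal."""
    for start, width, amplitude in schedule:
        end = start + width
        if start < guard or end + guard > len(samples):
            return False
        # Estimate the undisturbed sensor level from samples on both sides.
        neighbours = samples[start - guard:start] + samples[end:end + guard]
        baseline = sum(neighbours) / len(neighbours)
        measured = sum(samples[start:end]) / width - baseline
        if abs(measured - amplitude) > tol:
            return False
    return True


def median_filter(samples, window=9):
    """Receiver side: pulses narrower than half the window vanish under a median."""
    half = window // 2
    return [statistics.median(samples[max(0, i - half):i + half + 1])
            for i in range(len(samples))]


if __name__ == "__main__":
    sensor = sensor_trace(200)
    schedule = make_schedule(200)
    genuine = combine(sensor, schedule)
    print("genuine output passes:", control_unit_check(genuine, schedule))
    print("output without pulses passes:", control_unit_check(sensor, schedule))
    cleaned = median_filter(genuine)
    print("max error after filtering:",
          round(max(abs(a - b) for a, b in zip(cleaned, sensor)), 3))
```

Data replayed from before a reset fails the same check, because the restart replaces the schedule the control unit compares against.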
In the rapidly expanding field of IoT devices, achieving stable data transmission and reception through the owner check makes it possible to solve security problems and to spread the field further and more widely.
11a Entrance control unit
11b Exit control unit
12  Authentication device
13  Entrance gate
14  Exit gate
15  Input/output unit
16  Antenna
17  Signal processing unit
18  Storage unit
19  Sensor unit
20  Entrance-side electrical communication path
21  Exit-side electrical communication path
22  Wireless router
23  Management server
24  Network

Claims (12)

  1.  An owner check system comprising:
     signal processing means having a direct or indirect interface and outputting executed data to the outside based on the interface;
     storage means for storing interface data; and
     exit gate means that, when the signal processing unit transmits data to the outside, compares the data with the interface data stored in the storage means, determines that the data is genuine if it matches, substantially matches, approximates or corresponds, and transmits it to the outside with authentication data corresponding to the external operation data added.
  2.  An owner check system comprising entrance gate means that receives data transmitted from the outside, detects authentication data in the received data, compares it with comparison data stored in advance, and accepts the data as genuine if it matches, substantially matches or approximates.
  3.  An owner check system comprising:
     a sensor unit that receives the target operation or phenomenon and converts it into a sensor electrical signal;
     a signal processing unit having a transmission unit that converts the sensor electrical signal of the sensor unit into sensor digital data and transmits the sensor data, and a reception unit that receives data from the outside together with authentication data;
     recording means that detects event data and event time data from the sensor output of the sensor unit and records them temporarily;
     authentication means that, when the transmission unit outputs sensor data to the outside, reads the sensor data and the event data and event time data recorded in the recording means, and performs authentication by detecting whether matching, substantially matching, approximate or corresponding data is present;
     a gate that shuts off the output of data to the outside when the authentication means cannot detect matching, substantially matching, approximate or corresponding data; and
     authentication data adding means that, when the authentication means detects matching, substantially matching, approximate or corresponding data, authenticates the sensor data as genuine, adds authentication data and transmits the data to the outside.
  4.  The owner check system according to claim 3, wherein, when the authentication means detects matching, substantially matching, approximate or corresponding data, it authenticates the sensor data as genuine, adds authentication data and transmits the data to the outside.
  5.  An owner check system comprising:
     a sensor unit that receives the target operation or phenomenon and converts it into a sensor electrical signal;
     a signal processing unit having a transmission unit that converts the sensor electrical signal of the sensor unit into sensor digital data and transmits the sensor digital data to the outside together with an authentication signal, and a reception unit that receives data from the outside together with authentication data; and
     authentication means that verifies the authentication signal and thereby authenticates whether the data output from the signal processing unit is genuine data.
  6.  The owner check system according to claim 1, 2, 3 or 5, wherein, if the data is not genuine data, an abnormality is notified to the organization managing these devices by gate means that cuts off the connection with the outside.
  7.  The owner check system according to claim 1, 2, 3 or 5, wherein the authentication means determines authenticity by converting the digital data in the authentication signal into an analog signal and comparing it.
  8.  The owner check system according to claim 1, 2, 3 or 5, wherein the authentication data is converted into encrypted data using means for physically encrypting and decrypting.
  9.  The owner check system according to claim 1, 2, 3 or 5, wherein the digital data is packetized data, and the authentication data is divided and incorporated into a plurality of packets.
  10.  The owner check system according to claim 1, 2, 3 or 5, wherein the sensor unit is a sensor used in so-called IoT (Internet of Things), M2M and the like, such as one that detects temperature, humidity, position, inclination, rotation speed, acceleration, pulse wave, electrocardiogram, blood flow, blood pressure, or the state of each component of a factory or plant, one or more of which are arranged in a connected car, smart home appliance, robot, wearable device, plant, factory, or public facility.
  11.  The owner check system according to claim 8, wherein the encryption is performed by a hardware unit formed by using one or more XOR logic IC chips and number sequence generators in a random manner.
  12.  The owner check system according to claim 1, 2, 3 or 5, wherein the data authentication collects, within a fixed time, the authentication data stored in distributed form across a plurality of packet data, and authenticates it.
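The following is an added example, not code from the patent: a software sketch of claims 9 and 12, where the authentication data is split across several packets and the receiver must collect every fragment within a fixed time before the gate lets the data through. HMAC-SHA256 stands in for the hardware XOR and number-sequence unit of claim 11; the key, the 2-second window, the packet field names and the function names are all assumptions.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # assumption: shared secret, constructed for this example
WINDOW = 2.0                   # assumption: the "fixed time" of claim 12, in seconds

def _tag(payloads):
    # Length-prefix each payload so packet boundaries are covered by the tag.
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in payloads)
    return hmac.new(KEY, msg, hashlib.sha256).digest()

def packetize(payloads):
    """Sender: split the authentication data over all packets (claim 9)."""
    if not payloads:
        raise ValueError("at least one payload is required")
    tag, n = _tag(payloads), len(payloads)
    step = -(-len(tag) // n)  # ceiling division
    return [{"idx": i, "total": n, "payload": p, "frag": tag[i * step:(i + 1) * step]}
            for i, p in enumerate(payloads)]

def gate(arrivals, window=WINDOW):
    """Receiver: arrivals is a list of (arrival_time, packet).
    Returns the payloads if authenticated, None if output is blocked."""
    arrivals = sorted(arrivals, key=lambda a: a[0])
    if not arrivals:
        return None
    start, total = arrivals[0][0], arrivals[0][1]["total"]
    parts = {}
    for t, pkt in arrivals:
        if t - start <= window:                # fragments after the deadline are ignored
            parts.setdefault(pkt["idx"], pkt)  # first copy of each index wins
    if set(parts) != set(range(total)):
        return None                            # incomplete within the window: gate closed
    payloads = [parts[i]["payload"] for i in range(total)]
    tag = b"".join(parts[i]["frag"] for i in range(total))
    return payloads if hmac.compare_digest(tag, _tag(payloads)) else None

# Constructed sample: four temperature readings, one per packet.
READINGS = [b"36.5", b"36.6", b"36.4", b"36.7"]
PACKETS = packetize(READINGS)

if __name__ == "__main__":
    print("on time:", gate(list(zip([0.0, 0.4, 0.9, 1.5], PACKETS))))
    print("late   :", gate(list(zip([0.0, 0.4, 0.9, 3.0], PACKETS))))
```

A fragment that arrives after the window, a missing fragment, or a modified payload all lead to the same outcome: the reassembled tag cannot be verified and nothing is released.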
PCT/JP2017/038373 2016-10-24 2017-10-24 Owner checking system WO2018079554A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2016208171 2016-10-24
JP2016-208171 2016-10-24

Publications (1)

Publication Number Publication Date
WO2018079554A1 (en) 2018-05-03

Family

ID=62025039

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2017/038373 WO2018079554A1 (en) 2016-10-24 2017-10-24 Owner checking system

Country Status (2)

Country Link
JP (1) JP7067892B2 (en)
WO (1) WO2018079554A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR102493034B1 (en) * 2021-04-27 2023-01-30 주식회사 멕서스 A REMOTE CONTROL SOLUTION SERVER THAT INTEGRATES AND MANAGES IoT DEVICE AND 5G/LTE WIRELESS ROUTER

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2009093573A (en) * 2007-10-12 2009-04-30 Obic Co Ltd E-mail management system
JP2014146139A (en) * 2013-01-28 2014-08-14 Advance Co Ltd Data communication system
JP2015115001A (en) * 2013-12-13 2015-06-22 株式会社東芝 Communication controller

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6519702B1 (en) 1999-01-22 2003-02-11 Sun Microsystems, Inc. Method and apparatus for limiting security attacks via data copied into computer memory
JP2002149060A (en) 2000-11-10 2002-05-22 Toppan Label Co Ltd Measuring device, measurement data transmission method, physical amount measuring device, and counting processor
FR2841997B1 (en) 2002-07-08 2005-11-11 Gemplus Card Int SECURING APPLICATION DOWNLOADED IN PARTICULAR IN A CHIP CARD
WO2010103613A1 (en) 2009-03-10 2010-09-16 Suginaka Junko Network system and method for authentication used in network system
US9692732B2 (en) 2011-11-29 2017-06-27 Amazon Technologies, Inc. Network connection automation
JP5766780B2 (en) 2013-12-27 2015-08-19 株式会社パレス興業 Cryptographic communication method between devices and data communication method using the same
US10470018B2 (en) 2014-10-24 2019-11-05 Qualcomm Incorporated Data aggregation and delivery

Also Published As

Publication number Publication date
JP2018073416A (en) 2018-05-10
JP7067892B2 (en) 2022-05-16

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17865366

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17865366

Country of ref document: EP

Kind code of ref document: A1