WO2020100704A1 - Camera system and method of driving camera system - Google Patents

Camera system and method of driving camera system Download PDF

Info

Publication number
WO2020100704A1
WO2020100704A1 PCT/JP2019/043612 JP2019043612W WO2020100704A1 WO 2020100704 A1 WO2020100704 A1 WO 2020100704A1 JP 2019043612 W JP2019043612 W JP 2019043612W WO 2020100704 A1 WO2020100704 A1 WO 2020100704A1
Authority
WO
WIPO (PCT)
Prior art keywords
pixel
capsule
receiving device
camera system
response
Prior art date
Application number
PCT/JP2019/043612
Other languages
French (fr)
Japanese (ja)
Inventor
俊介 大倉
賢右 森
功 高柳
中村 淳一
白畑 正芳
藤野 毅
汐崎 充
久保田 貴也
Original Assignee
ブリルニクスジャパン株式会社
学校法人立命館
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ブリルニクスジャパン株式会社, 学校法人立命館 filed Critical ブリルニクスジャパン株式会社
Priority to JP2020555574A priority Critical patent/JPWO2020100704A1/en
Publication of WO2020100704A1 publication Critical patent/WO2020100704A1/en

Links

Images

Classifications

    • AHUMAN NECESSITIES
    • A61MEDICAL OR VETERINARY SCIENCE; HYGIENE
    • A61BDIAGNOSIS; SURGERY; IDENTIFICATION
    • A61B1/00Instruments for performing medical examinations of the interior of cavities or tubes of the body by visual or photographical inspection, e.g. endoscopes; Illuminating arrangements therefor
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/73Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by creating or determining hardware identification, e.g. serial numbers
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04BTRANSMISSION
    • H04B1/00Details of transmission systems, not covered by a single one of groups H04B3/00 - H04B13/00; Details of transmission systems not characterised by the medium used for transmission
    • H04B1/02Transmitters
    • H04B1/04Circuits
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04BTRANSMISSION
    • H04B1/00Details of transmission systems, not covered by a single one of groups H04B3/00 - H04B13/00; Details of transmission systems not characterised by the medium used for transmission
    • H04B1/59Responders; Transponders
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/10Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols with particular housing, physical features or manual controls
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N23/00Cameras or camera modules comprising electronic image sensors; Control thereof
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N23/00Cameras or camera modules comprising electronic image sensors; Control thereof
    • H04N23/60Control of cameras or camera modules
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N25/00Circuitry of solid-state image sensors [SSIS]; Control thereof
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N7/00Television systems
    • H04N7/18Closed-circuit television [CCTV] systems, i.e. systems in which the video signal is not broadcast

Definitions

  • the present invention relates to a camera system for transmitting video data captured by a solid-state imaging device mounted on a swallowable capsule to a receiving system and a driving method for the camera system.
  • a CCD (Charge Coupled Device) image sensor and a CMOS (Complementary Metal Oxide Semiconductor) image sensor have been put to practical use as a solid-state imaging device (image sensor) using a photoelectric conversion element that detects light and generates an electric charge.
  • CCD image sensors and CMOS image sensors are used as a part of various electronic devices such as digital cameras, video cameras, surveillance cameras, medical endoscopes, personal computers (PC), and mobile terminal devices (mobile devices) such as mobile phones. Widely applied.
  • an in-vivo camera system As a camera system for a medical device equipped with such a solid-state imaging device, an in-vivo camera system has been proposed that transmits video data captured by the solid-state imaging device mounted in a swallowable capsule to a receiving device (for example, patents). Reference 1).
  • raw video data is wirelessly transmitted to a receiving device and then image processed to minimize capsule size and power consumption.
  • a signal receiver can be provided on the capsule side (see, for example, Patent Document 2).
  • the capsule is configured to wirelessly receive a control signal from the receiving device (control device) and control the camera, the irradiation unit, and the like.
  • the system is vulnerable to attacks such as interception and camouflage due to wireless transmission of raw data by the image sensor (solid-state imaging device).
  • the image sensor solid-state imaging device
  • a security risk of personal information may occur.
  • PUF Physical Unclonable Function
  • LSI security technology a technology called PUF (Physically Unclonable Function) has attracted attention in recent years as an LSI security technology.
  • PUF is a technique for extracting variations in semiconductors as physical characteristic amounts and obtaining an output unique to a device. Further, in the semiconductor device, the PUF is a circuit that extracts a minute performance shift caused by variations in the threshold value of a transistor that occurs during manufacturing and outputs it as a unique ID. Falsification of information can be prevented by authenticating the device using the unique ID generated by the PUF or adding a message authentication code (MAC) to the acquired data to ensure authenticity.
  • MAC message authentication code
  • CMOS image sensor PUF which has a security function by extracting the pixel variation of the CIS and using it as the information peculiar to an individual without adding an extra circuit to the CMOS image sensor (CIS) CIS-PUF.
  • Non-Patent Documents 1 and 2 describe a CMOS image sensor PUF (CIS-PUF) that generates a unique ID of a PUF from pixel variation information in a CMOS image sensor as a measure to prevent device authentication of the sensor and tampering with image data. Is proposed.
  • CIS-PUF CMOS image sensor PUF
  • CIS-PUFs when generating a PUF response, a digital value of a plurality of bits corresponding to the variation of pixel transistors is output, and a response of 1/0 is obtained from the magnitude relation of the threshold voltages of adjacent transistors. If the difference between the values of the pixel transistors to be compared is large, the size relationship of the threshold voltages is not reversed even if environmental conditions such as noise and temperature / voltage change, so it can be determined that the bits are stable. ..
  • CMOS image sensor CIS
  • authentication causes a reduction in the image data frame rate due to the processing time and an increase in the device cost due to the processing circuit.
  • the present invention realizes at least one of implementation of device authentication, protection of data integrity and reliability, data encryption, and prevention of erroneous data exchange between the capsule and at least the receiver on the receiver side. It is an object of the present invention to provide a camera system and a method for driving the camera system that can perform the above.
  • the present invention realizes at least one of implementation of device authentication, protection of data integrity and reliability, data encryption, and prevention of erroneous data exchange between the capsule and at least the receiver on the receiver side.
  • a camera system and a camera system drive capable of reducing the image data frame rate due to the processing time of signal processing for information security and preventing an increase in device cost due to a processing circuit. To provide a method.
  • a camera system includes a swallowable capsule equipped with a solid-state imaging device as a camera, and a receiving device that receives video data captured by the capsule and wirelessly transmitted.
  • the capsule includes a device ID circuit that transmits a device ID to the receiving device, and the receiving device includes at least a memory that stores the device ID received for presetting.
  • a second aspect of the present invention is to drive a camera system that includes a swallowable capsule equipped with a solid-state imaging device as a camera, and a receiving device that receives video data captured by the capsule and wirelessly transmitted.
  • the capsule transmits the device ID to the receiving device at least once in response to a predetermined trigger, and the receiving device stores the received device ID in a memory for presetting. Then, for example, when the receiving device performs authentication, it sends an authentication request to the capsule, and the capsule sends a device ID generated by the device ID circuit in response to the authentication request from the receiving device.
  • the receiving device receives the device ID transmitted from the capsule in response to the authentication request, evaluates the received device ID and the device ID preset in the memory, and the both IDs are the same.
  • the capsule is requested to transmit the video data, and the capsule transmits the video data captured by the camera to the receiving device in response to the transmission request from the receiving device.
  • At least one of implementation of device authentication, protection of data integrity and reliability, data encryption, and prevention of erroneous data exchange between the capsule and at least the receiver on the receiving device side. Can be realized. Further, according to the present invention, it is possible to prevent the image data frame rate from decreasing due to the processing time of signal processing for information security, and to prevent the increase in the device cost due to the processing circuit.
  • FIG. 1 is a block diagram showing a first configuration example of the in-vivo camera system according to the first embodiment of the present invention.
  • FIG. 2 is a block diagram showing a second configuration example of the in-vivo camera system according to the first embodiment of the present invention.
  • FIG. 3 is a diagram for explaining a device ID preset tail and a device authentication operation in the camera system according to the first embodiment.
  • FIG. 4 is a diagram for explaining a device ID preset operation and a data integrity and reliability protection operation in the camera system according to the first embodiment.
  • FIG. 5 is a diagram for explaining device ID presetting and encryption operations in the camera system according to the first embodiment.
  • FIG. 6 is a block diagram showing a configuration example of the solid-state imaging device according to the embodiment of the present invention.
  • FIG. 7 is a diagram for explaining the outline of the challenge and response authentication (Challenge & Response (CR authentication)) system.
  • FIG. 8A and FIG. 8B are diagrams for explaining device authentication in the present embodiment.
  • 9A and 9B are views for explaining the data integrity authentication in this embodiment.
  • 10 (A) and 10 (B) are first diagrams for explaining the data encryption processing in the present embodiment.
  • 11A to 11C are second diagrams for explaining the data encryption processing according to the present embodiment.
  • FIG. 12 is a circuit diagram showing an example of the pixel according to the present embodiment.
  • FIGS. 13A to 13C are diagrams for explaining a configuration example of a column output readout system of the pixel unit of the solid-state imaging device according to the embodiment of the present invention.
  • FIG. 14 is a block diagram showing an overall outline of response data creation which is the encryption processing system according to the present embodiment.
  • FIG. 15A to FIG. 15E are diagrams showing operation waveforms and the like of main parts in the normal operation mode and the response creation mode when the variation information of the threshold of the source follower transistor is adopted as the variation information of the pixel.
  • FIG. 16 is a diagram showing a pixel section according to the present embodiment, including an information acquisition section suitable for acquiring variation information forming a main part of a CMOS image sensor PUF (CIS-PUF), and column readout arranged for each column. It is a figure which shows the outline of a circuit.
  • FIG. 15A to FIG. 15E are diagrams showing operation waveforms and the like of main parts in the normal operation mode and the response creation mode when the variation information of the threshold of the source follower transistor is adopted as the variation information of the pixel.
  • FIG. 16 is a diagram showing a pixel section according to the present embodiment, including an information acquisition section suitable for acquiring
  • FIG. 17 is a diagram showing a state of PUF response generation using the pixel variation of the CIS-PUF of FIG.
  • FIG. 18 is a diagram showing the reproducibility and uniqueness as the PUF performance obtained by the response generation method as shown in FIGS.
  • FIG. 19 is a diagram showing FPR and FNR obtained from uniqueness and reproducibility.
  • FIG. 20 is a block diagram showing a configuration example of an in-vivo camera system according to the second embodiment of the present invention.
  • FIG. 21 is a block diagram showing a configuration example of an in-vivo camera system according to the third embodiment of the present invention.
  • Response data generation unit (encryption processing system), 281 ... Information acquisition unit, 282, 282A ... key generation unit, 283 ... image data generation unit, 284 ... identification data generation unit, 285 ... integrated unit, 286 ... memory, 290 ... read-out unit, 100 ... CR authentication system, 200 ... CIS-PUF chip, 300 ... Microcomputer.
  • FIG. 1 is a block diagram showing a first configuration example of the in-vivo camera system according to the first embodiment of the present invention.
  • FIG. 2 is a block diagram showing a second configuration example of the in-vivo camera system according to the first embodiment of the present invention.
  • the in-vivo camera system 10 is basically configured to include a swallowable capsule 20 and a receiving device 30 capable of wireless communication with the capsule 20.
  • the wireless transmission of raw data by the image sensor makes the system vulnerable to attacks such as eavesdropping and camouflage, which results in a security risk of personal information. May occur. Therefore, in the in-vivo camera system 10 of the present embodiment, between the capsule 20 and at least the receiver on the side of the receiving device 30, implementation of device authentication, protection of data integrity and reliability, data encryption, and error. It is configured so that it is possible to realize at least one of prevention of exchange of data.
  • the capsule 20 of FIG. 1 has a solid-state imaging device 21 and an optical system (lens system) 22 that constitute a camera CMR, and a transmitter (TX) 23.
  • the capsule 20A in FIG. 2 further includes a receiver (RX) 25.
  • the solid-state imaging device 21 is formed of, for example, a CMOS image sensor.
  • the solid-state imaging device 21 includes a CMOS image sensor having a function of a device ID circuit 24 that generates a PUF unique ID from pixel variations in the CMOS image sensor as a measure for preventing device authentication of the capsules 20 and 20A and falsification of image data. It is formed as a PUF (CIS-PUF).
  • the solid-state imaging device 21 is unique in association with at least one of pixel variation information and readout unit variation information when generating a PUF response (hereinafter, also referred to as PUF response). It is configured to be able to generate response data including a key.
  • the solid-state imaging device 21 includes a signal processing circuit capable of information security signal processing including response data generation processing in a security mode different from the normal operation mode MDU for generating a normal image, as described later in detail. Composed of.
  • the information security signal processing performed by this signal processing circuit is at least one of response data generation processing, device authentication, data integrity and reliability protection (data integrity authentication), and data encryption.
  • the information security signal processing includes, for example, an authentication processing in which the pixel address of the solid-state imaging device 21 is used as a challenge and the response data generated by a predetermined procedure is used as a response.
  • Optical system (lens etc.) 22 guides incident light to the pixel area of the CMOS image sensor (forms a subject image).
  • the transmitter 23 wirelessly transmits the device ID generated by the device ID circuit 24, the video data captured by the camera CMR, and the like to the receiving device 30 (30A).
  • the capsule 20 (20A) transmits the device ID generated by the device ID circuit 24 to the receiving device 30 (30A) at least once in response to a predetermined trigger.
  • the method of generating the device ID will be described in detail later.
  • the device ID for preset needs to be transmitted in advance before the capsule 20 is swallowed (swallowed).
  • the capsule 20 (20A) transmits the device ID generated by the device ID circuit 24 to the receiving device 30 at least once.
  • the capsule 20 (20A) transmits the device ID generated by the device ID circuit 24 to the receiving device 30 at least once when the blue light is exposed to the camera CMR.
  • the blue light includes green light and cyan light.
  • the capsule 20 (20A) when the capsule 20 (20A) receives the preset request from the receiving device 30 (30A), it transmits the device ID generated by the device ID circuit 24 to the receiving device 30 at least once.
  • the device ID circuit 24 is formed by the fuse of the solid-state imaging device 21, the fuse of the transmission device, the PUF system circuit, or the PUF system circuit of the solid-state imaging device 21.
  • the receiving device 30 has a receiver 31 and a memory 32.
  • the receiving device 30A in FIG. 2 further includes a transmitter 33.
  • the receiver 31 receives the device ID generated by the device ID circuit 24, the video data captured by the camera CMR, and the like, which are wirelessly transmitted from the transmitter 23 of the capsule 20.
  • the memory 32 is formed of, for example, a non-volatile memory, and stores the preset device ID received by the receiver 31 under the control of the controller of the receiving device 30 (30A).
  • the preset device ID needs to be set in advance before the capsule 20 is swallowed (swallowed).
  • the receiving device 30 (30A) stores the device ID to be preset in the secure memory 32.
  • the transmitter 33 wirelessly transmits an authentication request to the capsule 20 (20A) under the control of the controller of the receiving device 30 (30A).
  • FIG. 3 is a diagram for explaining device ID presetting and device authentication operations in the camera system according to the first embodiment. Note that FIG. 3 corresponds to the second configuration example of FIG. 2.
  • the receiving device 30A stores the received device ID transmitted from the capsule 20A in the secure memory 32. Note that, as described above, the device ID needs to be set in advance before the capsule 20A is swallowed (swallowed) in the living body.
  • the receiving device 30A transmits an authentication request to the capsule 20A (ID request (Challenge): ST1 in FIG. 3).
  • ID request (Challenge): ST1 in FIG. 3).
  • the capsule 20A transmits the device ID generated by the device ID circuit 24 in response to the authentication request from the receiving device 30A (Response: ST2 in FIG. 3).
  • the reception device 30A evaluates (compares) the received device ID with the device ID preset in the memory 32. If both IDs are the same, the receiving device 30A requests the capsule 20A to transmit the video data (okay, ST3 in FIG. 3).
  • the capsule 20A transmits the video data captured by the camera CMR to the receiving device 30A in response to the transmission request from the receiving device 30A (video, ST4 in FIG. 3). If the received device ID and the device ID preset in the memory 32 are not the same, the receiving device 30 outputs a warning signal without issuing a request to transmit video data to the capsule 20A.
  • the capsule 20A needs to be equipped with a receiver (RX) or a power receiving device as shown in FIG.
  • FIG. 4 is a diagram for explaining a device ID preset operation and a data integrity and reliability protection operation in the camera system according to the first embodiment. Note that FIG. 4 corresponds to the first configuration example of FIG. 1.
  • the receiving device 30 stores the received device ID transmitted from the capsule 20 in the secure memory 32. Note that, as described above, the device ID needs to be set in advance before the capsule 20 is swallowed (swallowed) in the living body.
  • the capsule 20 includes a key generation circuit 26 that generates a key KY based on the device ID, and transmits the video data VD and the encoded data using the key KY (ST11 in FIG. 4).
  • the receiving device 30 evaluates the video data and the key based on the device ID preset in the memory 32, and protects the integrity and reliability of the video data (ST12 in FIG. 4).
  • MAC Message Authentication Code
  • FIG. 5 is a diagram for explaining device ID presetting and encryption operations in the camera system according to the first embodiment. Note that FIG. 5 corresponds to the first configuration example of FIG. 1.
  • the receiving device 30 stores the received device ID transmitted from the capsule 20 in the secure memory 32. Note that, as described above, the device ID needs to be set in advance before the capsule 20 is swallowed (swallowed) in the living body.
  • the capsule 20 includes a key generation circuit 26 that generates a key KY based on the device ID, and transmits the encrypted video data VD together with the key KY (ST21 in FIG. 5).
  • the receiving device 30 decrypts the encrypted video data with a key based on the device ID preset in the memory 32 (ST22 in FIG. 5).
  • AES Advanced Encryption Standard
  • device authentication is implemented, data integrity and reliability are protected, data is encrypted, and erroneous data is exchanged between the capsule 20 (20A) and at least the receiver on the receiving device 30 (30A) side.
  • the basic configurations and functions of the in-vivo camera systems 10 and 10A capable of realizing at least one of the above have been described. At least one of implementation of device authentication, protection of data integrity and reliability, data encryption, and prevention of erroneous data exchange are realized between the capsule and at least the receiver on the receiving device side. In addition, it is possible to prevent a decrease in the image data frame rate due to the processing time of signal processing for information security, prevent an increase in the device cost due to the processing circuit, and require troublesome work.
  • FIG. 6 is a block diagram showing a configuration example of the solid-state imaging device according to the embodiment of the present invention.
  • the solid-state imaging device 21 is composed of, for example, a CMOS image sensor.
  • the solid-state image pickup device 21 includes a pixel unit 220 as an image pickup unit, a vertical scanning circuit (row scanning circuit) 230, a reading circuit (column reading circuit) 240, and a horizontal scanning circuit (column scanning). Circuit) 250, a timing control circuit 260, and a signal processing circuit 270 as main constituent elements.
  • the vertical scanning circuit 230, the readout circuit 240, the horizontal scanning circuit 250, and the timing control circuit 260 constitute a pixel signal readout unit 290.
  • the solid-state imaging device 21 determines the PUF unique ID from the pixel variation in the CMOS image sensor as a measure for preventing device authentication of the sensor 20 (20A) and tampering with the image data. It is formed as a CMOS image sensor PUF (CIS-PUF) for generation.
  • CIS-PUF CMOS image sensor PUF
  • the solid-state imaging device 21 is unique in association with at least one of pixel variation information and readout unit variation information when generating a PUF response (hereinafter, also referred to as PUF response). It is configured so that response data including a key can be generated.
  • the solid-state imaging device 21 generates a plurality of bits corresponding to the variation information of the pixel transistors when generating the variation information of the pixels and the reading unit 290 which are PUF responses.
  • the digital value (LSB value) is output, and the response data of 1/0 is acquired from the magnitude relation of the threshold voltages of the adjacent transistors.
  • the magnitude relationship with the threshold voltage VTH is not reversed even if environmental conditions such as noise and temperature / voltage change. It can be judged that it is a stable bit.
  • the CMOS image sensor PUF is one in which at least one of the pixel variation of the CMOS image sensor and the variation information of the reading unit is extracted and applied to the PUF.
  • the CIS-PUF has a normal imaging mode (normal operation mode) in which a correlated double sampling (CDS) circuit is operated to capture an image, and a CDS circuit. It has a security mode (PUF mode or response creation mode MDR) for shooting without operating.
  • the signal processing circuit 270 is configured to include the response data generation unit 280, and the response data generation process is performed in the security mode different from the normal operation mode MDU that generates the normal image.
  • Information security signal processing including is configured to be possible.
  • the signal processing circuit 270 of this embodiment has a wireless video interface (I / F) 710 capable of communicating with a microcomputer (hereinafter, referred to as a microcomputer) on the side of the receiving device 30 for authentication processing and the like. There is.
  • the signal processing circuit 270 performs the information security signal processing so that the image data frame rate can be prevented from lowering due to the processing time of the signal processing for information security and the increase in the device cost due to the processing circuit can be prevented. , Signal processing in the blanking period of image signal processing or signal processing for each row (line).
  • the information security signal processing performed by the signal processing circuit 270 is at least one of response data generation processing, device authentication, data integrity authentication, and data encryption.
  • the information security signal process includes an authentication process in which the pixel address is used as a challenge and the response data generated in a predetermined procedure is used as a response.
  • the authentication accuracy to be ensured when performing authentication is the probability FPR () of recognizing a forgery as a genuine product as an index of the authentication accuracy based on the uniqueness and reproducibility data of information security signal processing.
  • False Positive Rate and a probability FNR (False Negative Rate) of recognizing a genuine article as a false article can be obtained, and evaluation (determination, selection) can be performed by the probability FPR and the probability FNR.
  • the CIS-PUF is a PUF that uses a pixel address as a challenge and 1/0 data generated by a predetermined procedure as a response.
  • a pixel address as a challenge
  • 1/0 data generated by a predetermined procedure as a response.
  • CR authentication Challenge & Response
  • an outline of challenge and response authentication (Challenge & Response (CR authentication)) as an application of the PUF that uses the variation unique to each device for security will be described.
  • CR authentication Challenge & Response
  • FIG. 7 is a diagram for explaining an outline of a challenge and response authentication (Challenge & Response (CR authentication)) system.
  • the CR authentication system 100 of FIG. 7 is configured to include a CIS-PUF chip 200 on the capsule 20 (20A) side equipped with the solid-state imaging device 21 according to the present embodiment, and a microcomputer 300 on the receiving device 30 (30A) side. ing.
  • the CIS-PUF chip 200 has a video interface (Video I / F) 210 as the video interface 710 of FIG. 6, and the microcomputer 300 has a control interface (Control I / F) 310.
  • the CR authentication system 100 using CIS-PUF has a pre-registration mode and an authentication mode, and it is necessary to register (preset) the information of the CIS-PUF chip 200 in the microcomputer 300 side before performing authentication.
  • the pre-registration mode the IDs of all pixels are generated from the PUF mode side and stored in the memory 32, which is a safe area of the microcomputer 300.
  • the microcomputer 300 on the authentication side first transmits a PUF mode command to the CIS-PUF chip 200 (step ST101).
  • the CIS-PUF chip 200 captures images in the PUF mode and obtains a PUF mode image.
  • the microcomputer 300 uses a random number generator (RNG) 301 to determine which pixel is used to generate an ID with a random number, and sends the address designation to the CIS-PUF chip 200 as challenge information (step ST102). ..
  • the CIS-PUF chip 200 cuts out the PUF mode image according to the received address designation and generates 1/0 data.
  • the CIS-PUF chip 200 transmits this ID to the microcomputer 300 as a response to the challenge (step ST103).
  • the microcomputer 300 cuts out the ID of the specified address from the 1/0 data registered in advance and compares it with the ID received from the CIS-PUF chip 200. If the IDs match, the authentication is successful (step ST104).
  • the signal processing circuit 270 which is a part of the CIS-PUF chip 200, and the microcomputer 300, which are one of the features of this embodiment, are device authentication, data integrity authentication, and Each process of data encryption will be described more specifically.
  • FIG. 8A and FIG. 8B are diagrams for explaining device authentication in the present embodiment.
  • the signal processing circuit 270 which is a part of the CIS-PUF chip 200, receives the challenge of the pixel address XY from the microcomputer 300 as the control device on the receiving device 30 side during pixel reading, and the CIS-PUF chip receives the challenge. Write the received address to the register inside the chip.
  • the security mode PPF mode
  • pixels are accessed according to the Y address received during the vertical blanking period PVB.
  • the pixel signal is processed during the vertical blanking period PVB to obtain a device ID with improved reproducibility and uniqueness.
  • the device ID acquired during the vertical blanking period PVB or during the next pixel reading period is transmitted to the microcomputer 300 as a response to the challenge.
  • the microcomputer 300 checks the device ID for authentication. In the case of streaming video data, the authentication is performed every one frame, one second, one minute, one hour, or one day.
  • Data integrity certification 9A and 9B are views for explaining the data integrity authentication in this embodiment.
  • the signal processing circuit 270 which is a part of the CIS-PUF chip 200, sets a pixel address for acquiring the device ID.
  • the device ID is acquired from the variation information of the pixel addressed during the vertical blanking period PVB.
  • a row (line) pixel signal is read, and a message tag having a device ID as a unique key and a line pixel signal as a message is generated by a message authentication code (MAC) function.
  • MAC message authentication code
  • the pixel address, the line pixel signal, and The data tag is transferred to the side of the microcomputer 300 that is the control device of the receiving device 30 that performs the integrity authentication.
  • the microcomputer 300 on the receiving device 30 side executes the MAC process using the same key as that generated with the pixel address and the pixel data for the consistency verification.
  • the pixel address can be arbitrarily changed at any time.
  • Data encryption 10 (A) and 10 (B) are first diagrams for explaining the data encryption processing in the present embodiment.
  • 11A to 11C are second diagrams for explaining the data encryption processing according to the present embodiment.
  • the signal processing circuit 270 which is a part of the CIS-PUF chip 200, sets the pixel address for acquiring the device ID.
  • the device ID is acquired from the variation information of the pixel addressed during the vertical blanking period PVB.
  • the pixel signal of the first row (Line1) is read from the pixel unit 220 and the pixel signal is stored in the internal line memory. While the pixel signals of the second row (Line2) are being read from the pixel unit 220, the pixel signals of the first row (Line1) are encrypted with the key that is the device ID.
  • the encrypted pixel signal and pixel address of the first row (Line1) are used as a decryption process as the control device side ISP (Image Signal Processor).
  • ISP Image Signal Processor
  • the microcomputer 300 decrypts the encrypted pixel value of the first row (Line1) with the same key.
  • CMOS image sensors are usually equipped with several rows of memory, and by reusing this line memory, line-by-line encryption also realizes negligible circuit costs.
  • information security signal processing such as device authentication, data integrity authentication, and data encryption is performed as signal processing in the blanking period of image signal processing or signal processing for each row (line). Since the execution is performed, the image data frame rate can be prevented from lowering due to the processing time of the signal processing for information security, and the increase in the device cost due to the processing circuit can be prevented.
  • a plurality of pixels including a photodiode (photoelectric conversion element) and an in-pixel amplifier are arranged in a two-dimensional matrix of n rows ⁇ m columns.
  • FIG. 12 is a circuit diagram showing an example of a pixel according to this embodiment.
  • the pixel PXL has, for example, a photodiode (PD) which is a photoelectric conversion element.
  • the photodiode PD has one transfer transistor TG-Tr, one reset transistor RST-Tr, one source follower transistor SF-Tr, and one selection transistor SEL-Tr.
  • the photodiode PD generates and accumulates signal charges (here, electrons) in an amount corresponding to the amount of incident light.
  • signal charges here, electrons
  • each transistor is an n-type transistor
  • the signal charge may be a hole or each transistor may be a p-type transistor.
  • the reset transistor RST-Tr, the source follower transistor SF-Tr, and the selection transistor SEL-Tr are shared by a plurality of photodiodes, Is also effective, and is also effective when a three-transistor (3Tr) pixel having no selection transistor is adopted.
  • the transfer transistor TG-Tr is connected between the photodiode PD and the floating diffusion FD (Floating Diffusion) and is controlled by the control signal TG.
  • the transfer transistor TG-Tr is selected when the control signal TG is at the high level (H) and becomes conductive, and transfers the electrons photoelectrically converted by the photodiode PD to the floating diffusion FD.
  • the reset transistor RST-Tr is connected between the power supply line VRst and the floating diffusion FD and controlled by the control signal RST.
  • the reset transistor RST-Tr may be connected between the power supply line VDD and the floating diffusion FD and controlled by the control signal RST.
  • the reset transistor RST-Tr is selected and rendered conductive while the control signal RST is at the H level, and resets the floating diffusion FD to the potential of the power supply line VRst (or VDD).
  • the source follower transistor SF-Tr and the selection transistor SEL-Tr are connected in series between the power supply line VDD and the vertical signal line LSGN.
  • a floating diffusion FD is connected to the gate of the source follower transistor SF-Tr, and the selection transistor SEL-Tr is controlled by the control signal SEL.
  • the selection transistor SEL-Tr is selected to be conductive when the control signal SEL is H.
  • the source follower transistor SF-Tr outputs the column output analog signal VSL corresponding to the potential of the floating diffusion FD to the vertical signal line LSGN.
  • each control signal SEL, RST, and TG is shown as one row scanning control line.
  • the vertical scanning circuit 230 drives the pixels through the row scanning control lines in the shutter row and the reading row under the control of the timing control circuit 260. Further, the vertical scanning circuit 230 outputs a row selection signal of a row address of a read row for reading out a signal and a shutter row for resetting charges accumulated in the photodiode PD according to the address signal.
  • the readout circuit 240 includes a plurality of column signal processing circuits (not shown) arranged corresponding to each column output of the pixel section 220, and is configured such that column parallel processing can be performed by the plurality of column signal processing circuits. May be done.
  • the readout circuit 240 can be configured to include a correlated double sampling (CDS: Correlated Double Sampling) circuit, an ADC (analog-digital converter; AD converter), an amplifier (AMP, amplifier), a sample hold (S / H) circuit, and the like. Is.
  • CDS Correlated Double Sampling
  • ADC analog-digital converter
  • AMP amplifier
  • S / H sample hold
  • the readout circuit 240 may be configured to include the ADC 241 that converts each column output analog signal VSL of the pixel section 220 into a digital signal, as shown in FIG. 13A, for example.
  • the readout circuit 240 may be provided with an amplifier (AMP) 242 that amplifies the column output analog signal VSL of the pixel section 220, as shown in FIG. 13B, for example.
  • the read circuit 240 may be provided with a sample hold (S / H) circuit 243 that samples and holds each column output analog signal VSL of the pixel section 220, as shown in FIG. 13C, for example.
  • the read circuit 240 may be provided with an SRAM as a column memory that stores a signal obtained by performing a predetermined process on a pixel signal output from each column of the pixel unit 220.
  • the horizontal scanning circuit 250 scans the signals processed by a plurality of column signal processing circuits such as the ADC of the reading circuit 240, transfers the signals in the horizontal direction, and outputs the signals to the signal processing circuit 270.
  • the timing control circuit 260 generates a timing signal required for signal processing of the pixel section 220, the vertical scanning circuit 230, the reading circuit 240, the horizontal scanning circuit 250, and the like.
  • the signal processing circuit 270 In the normal read mode MDU, the signal processing circuit 270 generates two-dimensional image data by performing predetermined signal processing on the read signal read by the read circuit 240 and subjected to predetermined processing.
  • CMOS image sensor As described above, in the solid-state imaging device (CMOS image sensor), electrons generated by photoelectric conversion with a slight amount of light are converted into a voltage with a minute capacitance, and further output using a source follower transistor SF-Tr having a minute area. is doing. Therefore, it is necessary to remove minute noise such as noise generated when resetting the capacitance and variations in transistor elements, and the difference between the reset level (VRST) and the brightness level (signal level: VSIG) of each pixel is output. ing.
  • VRST reset level
  • VSIG brightness level
  • the reset noise and the threshold variation can be removed, and a signal of several electrons can be detected.
  • the operation of detecting this difference is called CDS (correlated double sampling) and is a widely used technique. CDS reading is sequentially performed on all pixels arranged in an array, and one frame worth of data is read out. Normal 2D image data is output.
  • the operation for generating this normal two-dimensional image data is configured to be operable in the normal operation mode MDU.
  • the variation information specific to the solid-state imaging device 21 (variation in pixel and readout circuit). Information)
  • a unique key is generated, and the unique key and the acquired data obtained from the solid-state imaging device 21 are combined to generate identification data.
  • the identification data is integrated with the image data and output as response data RPD. The identification data cannot be created correctly when the information is not recognized.
  • the operation related to the generation of the unique key is configured to be operable in the response creation mode MDR (PUF mode, security mode).
  • a pixel variation pattern (variation information) unique to each chip that does not depend on peripheral brightness is output as a unique ID.
  • variation pattern for each pixel is output. Since the brightness level is not output, it is possible to output a pattern image that does not depend on the exposure condition of the image sensor.
  • the output of each pixel includes FPN and thermal noise that fluctuates randomly for each frame. However, since the FPN in the response creation mode MDR is 10 times or more larger than the thermal noise, a stable fixed variation pattern is returned. It can be output as data RPD.
  • the response data including the unique key is generated in association with at least one of the pixel variation information and the reading unit variation information.
  • FIG. 14 is a block diagram showing an overall outline of response data creation which is the encryption processing system according to the present embodiment.
  • the response data creation unit 280 which is the encryption processing system in FIG. 14, includes an information acquisition unit 281, a key generation unit 282, an image data generation unit 283, an identification data generation unit 284, an integration unit 285, and a memory 286 as main components. Have as. Although the information acquisition unit 281 and the key generation unit 282 are configured as separate functional blocks in the example of FIG. 14, the information acquisition unit 281 and the key generation unit 282 can be configured as one functional block. ..
  • the information acquisition unit 281 acquires at least one of the variation information PFLC of the pixel PXL and the variation information CFLC of the constituent circuits of the readout circuit 240, and supplies the obtained variation information to the key generation unit 282.
  • the information acquisition unit 281 can employ the variation information of the threshold value VTH of the source follower transistor SF as the variation information of the pixel.
  • FIGS. 15A to 15E show operation waveforms of main parts in the normal operation mode and the response creation mode when the variation information of the threshold value VTH of the source follower transistor SF is adopted as the variation information of pixels.
  • FIG. 15A is a circuit diagram of the readout system of the pixel PXL
  • FIG. 15B is an operation waveform in the normal operation mode MDU
  • FIG. 15C is an operation waveform in the response creation mode MDR
  • FIG. D) shows a key pattern image in which the variation information is binarized
  • FIG. 15E shows the relationship between the output signal, the number of pixels, and the threshold value VTH.
  • the CDS circuit 244 is connected to the vertical signal line LSGN via one terminal of the switch SW0.
  • the other terminal of the switch SW0 is connected to the supply line of the reference voltage Vref.
  • the difference signal is used as the output signal of the pixel to eliminate the variation in the threshold value of the source follower transistor SF included in each pixel PXL.
  • the rear circuit fetches the reference voltage level (Vref) at time t1 and the pixel reset voltage level at time t2. By reading the difference between these signals, the variation in the reset voltage of each pixel PXL can be extracted. In this example, this variation distribution is used as a key. Since the variation is about 100 mV, it may be amplified by an amplifier or the like.
  • the key generation unit 282 (FIG. 14) generates a unique key using at least one of the pixel variation information acquired and supplied by the information acquisition unit 281 and the variation information of the readout circuit 240.
  • the key generation unit 282 supplies the generated unique key KY to the identification data generation unit 284.
  • the key generation unit 282 generates the unique key KY, for example, during a period (for example, a blanking period) other than when valid pixels of the pixel unit 220 are read.
  • the image data generation unit 283 in FIG. 14 generates the image data IMG by performing predetermined signal processing on the read signal read through the read circuit 240 and subjected to predetermined processing in the normal read mode.
  • the image data generation unit 283 supplies the generated image data IMG to the integration unit 285.
  • the image data generation unit 283 supplies the acquisition data AQD acquired from the solid-state imaging device 21 to the identification data generation unit 284.
  • the acquired data AQD is the whole or a part of the image data.
  • the identification data generation unit 284 combines the unique key KY generated by the key generation unit 282 and the acquisition data AQD acquired by the solid-state imaging device 21 to generate the identification data DSCD.
  • the identification data generation unit 284 supplies the generated identification data DSCD to the integration unit 285.
  • the solid-state imaging device 21 As described above, the solid-state imaging device 21 according to the present embodiment, as a measure for preventing device authentication of the sensor and tampering with the image data, generates a unique ID of the PUF from the pixel variation in the CMOS image sensor. CIS-PUF).
  • a PUF response hereinafter, also referred to as a PUF response
  • response data including a unique key is generated in association with at least one of pixel variation information and readout unit variation information.
  • a preferred configuration example of the CIS-PUF capable of performing will be described.
  • FIG. 16 shows a pixel unit according to the present embodiment and a column readout arranged for each column, which includes an information acquisition unit suitable for acquiring variation information forming a main part of a CMOS image sensor PUF (CIS-PUF). It is a figure which shows the outline of a circuit.
  • CIS-PUF CMOS image sensor
  • the pixel unit 220A and the column readout circuit 240 of FIG. 16 determine the size (subtraction) between two vertical pixels (upper and lower in the figure) in order to improve the reproducibility of the variation signal and improve the uniqueness of the variation pattern. Etc.) and binarization can be performed.
  • the pixel portion 220A of FIG. 16 includes one floating diffusion FD, one source follower transistor SF-Tr as one source follower element, a reset transistor RST-Tr as one reset element, and a selection transistor SEL as one selection element.
  • -Tr has a pixel sharing structure in which a plurality of (two in this example) photoelectric conversion elements photodiodes PD1 and PD2 and transfer transistors TG-Tr1 and TG-Tr2 as transfer elements are shared.
  • the pixel PXLA of the CMOS image sensor of FIG. 16 is driven by the photodiodes PD1 and PD2, the transfer transistors TG-Tr1 and TG-Tr2 driven by the control signals TG1 and TG2 which are transfer clocks, and the control signal RST which is a reset clock.
  • the two photodiodes PD1 and PD2 share the reset transistor RST-Tr, the source follower (SF) transistor SF-Tr, and the selection transistor SEL-Tr.
  • This is a method widely used for fine pixels in recent years, and by sharing each transistor among PDs, the area of the PD is made larger than a predetermined prime size, and the photoelectrically convertible region is expanded. Therefore, the detection sensitivity to incident light is increased.
  • the power supply line VDD of the power supply voltage Vdd, the source follower (SF) transistor SF-Tr, and the current source Id are connected in series to form a source follower circuit.
  • the voltage of the floating diffusion FD is input to the ADC 241 via the AMP 242 of the read circuit 240, converted into a digital signal, and output to an interface circuit (not shown).
  • the clip circuit 245 is arranged at the pixel array end, and the clip gate CG and the diode connection transistor M0 driven by the control signal CLIP which is the clip clock are arranged at the pixel array end, and by limiting the pixel output voltage amplitude, Used for stable operation.
  • the CIS-PUF generates a PUF response (pixel variation information) unique to each device by utilizing the characteristic variation of each pixel of the CMOS image sensor.
  • the characteristic variation includes fixed pattern noise (FPN: Fixed Pattern Noise) generated at a fixed position and random noise randomly generated regardless of the positions of pixels and the like.
  • FPN Fixed Pattern Noise
  • the CMOS image sensor has a CDS (Correlated Double Sampling) which takes a difference between a reset potential (VRST) and a signal potential (VSIG) for each pixel in order to eliminate these characteristic variations. It is carried out.
  • the CIS-PUF has a response creation mode (PUF mode) MDR that is a signal read mode that does not operate the CDS in order to obtain variation information for the purpose of generating a PUF response.
  • PUF mode response creation mode
  • This PUF mode makes it possible to obtain an output in which pixel variations are dominant.
  • a solid-state image pickup device (CMOS image sensor) 21A as a CIS-PUF in FIG. 16 has an array structure of 1,920 ⁇ 1,080 (full HD) pixels.
  • This solid-state imaging device (CMOS image sensor) 21A shares a source follower transistor SF-Tr with two pixels adjacent in the vertical direction (upper and lower in the figure), and the number of source follower transistors SF-Tr is 1,920 ⁇ 540. is there.
  • the potential obtained from the clip circuit 245 existing in each column is used as a reference potential, and the difference from the reset potential of each pixel is calculated to extract the variation for each pixel.
  • the clip circuit 244 arranged in each column is first selected. At this time, the gate voltage of the diode-connected transistor M0 is VDD, and the voltage shifted by the offset voltage from the power supply voltage is held in the ADC 241 via the amplifier 242. Next, the target pixel is selected, and the reset transistor RST-Tr and the transfer transistor TG-Tr are turned on at the same time to discharge the charge accumulated in the photodiode PD.
  • the potential of the floating diffusion FD which is a minute capacitance, becomes VDD, and similarly, the voltage dropped by the offset voltage from the power supply voltage is held in the ADC 241.
  • the difference between these voltages is taken, so that the offset variation between the source follower transistor SF-Tr of the pixel and the transistor CG of the clip circuit 244 is highly reproducible fixed pattern noise, and this is used to generate an ID. To do.
  • FIG. 17 is a diagram showing a state of PUF response generation using the pixel variation of the CIS-PUF of FIG.
  • the PUF response generation using the pixel variation of the CIS-PUF compares the output values (LSB values) of two source follower transistors SF-Tr adjacent in the vertical direction (up and down) to generate 1/0 data.
  • the upper and lower output values are compared in magnitude, and when the upper output value is larger than the lower output value (upper> lower) “1”, the upper output value is smaller than the lower output value (Upper ⁇ Lower) Set to "0".
  • the source follower transistor SF-Tr is shared by the upper and lower two pixels. Therefore, first, an output value of one source follower transistor SF-Tr is obtained by averaging the outputs which are vertically adjacent to each other, and a map of the output of 540 ⁇ 1,920 is obtained. Further, the outputs adjacent to each other in the vertical direction are compared in size to generate 1/0 data of 270 ⁇ 1,920.
  • the CIS-PUF is a PUF in which the pixel address is used as a challenge and the 1/0 data generated in the above procedure is used as a response.
  • FIG. 18 is a diagram showing reproducibility and uniqueness as PUF performance obtained by the response generation method shown in FIGS. 16 and 17.
  • Uniqueness and reproducibility were evaluated as performance evaluation of CIS-PUF.
  • Uniqueness is an index showing how different the IDs of two chips are when compared.
  • Uniqueness is calculated by averaging 100 images on each chip, making 3,840 blocks of 128-bit length ID, calculating HD (stance in Hamming) between IDs generated by two different chips, and calculating the average value. It can be obtained.
  • ID length is L
  • the average of the uniqueness HD distribution is L / 2
  • the standard deviation is ⁇ L / 2, which is an ideal value.
  • Reproducibility is an index that shows how stable an ID generated by a certain chip is, and makes 3,840 blocks of 128-bit length ID from an image obtained by averaging 100 images for each chip. It is obtained by calculating the HD of the reference ID and the ID made from each of the 100 images, and obtaining the average value.
  • the reproducible HD is ideally distributed in the vicinity of 0.
  • FIG. 18 shows the distribution of uniqueness and reproducibility when the five chips prepared were evaluated with an ID length of 128 bits.
  • the authentication is performed by verifying whether the ID registered in advance on the microcomputer 300 side matches the ID generated by the PUF.
  • the PUF does not output the exact same ID each time, and some bit inversion occurs. Therefore, it is necessary to allow some errors during authentication.
  • FPR Rate
  • FNR False Negative Rate
  • FIG. 19 is a diagram showing FPR and FNR obtained from uniqueness and reproducibility.
  • the horizontal axis represents the threshold value and the vertical axis represents the FPR and FNR values at that time.
  • the authentication accuracy that should be secured when performing authentication was determined by referring to the authentication accuracy of biometric authentication.
  • the biometric authentication system currently in use has an authentication accuracy of 0.1 ppm or less.
  • the target of biometric authentication is a human, and the total number thereof is about 7.5 billion.
  • what is targeted for CR authentication using CIS-PUF is a sensor, and the total number thereof is estimated to be about 1 trillion. Therefore, considering the difference in the number of objects, both FPR and FNR were set to 0.001 ppm or less as a reference. For example, the error rate can be reduced to 0.001 ppm or less by setting the number of error-allowable bits between 9 and 29 bits.
  • the camera systems 10 and 10A receive the swallowable capsules 20 and 20A in which the solid-state imaging device 21 as the camera CMR is mounted, and the video data captured by the capsules 20 and 20A and wirelessly transmitted.
  • Receiving devices 30 and 30A, the capsules 20 and 20A include a device ID circuit 24 that transmits a device ID to the receiving devices 30 and 30A, and the receiving devices 30 and 30A receive at least the device received for presetting. It includes a memory 32 for storing the ID.
  • the capsule 20, 20A transmits the device ID to the receiving device 30, 30A at least once when the camera CMR is powered before being swallowed.
  • the device ID generated by the device ID circuit 24 is transmitted at least once to the receiving devices 30, 30A.
  • the receiving device 30 or 30A stores the device ID received from the capsule 20 or 20A and received in the secure memory 32.
  • the device ID needs to be set in advance before the capsules 20 and 20A are swallowed (swallowed) in the living body.
  • the receiving device 30 transmits an authentication request to the capsule 20 (ID request (Challenge) in FIG. 3).
  • ID request (Challenge) in FIG. 3
  • the capsule 20 transmits the device ID generated by the device ID circuit 24 in response to the authentication request from the receiving device 30 (ResponseF2 in FIG. 3).
  • the receiving device 30 evaluates (compares) the received device ID with the device ID preset in the memory 32. If both IDs are the same, the receiving device 30 requests the capsule 20 to transmit the video data.
  • the capsule 20 transmits the video data captured by the camera CMR to the receiving device 30 in response to the transmission request from the receiving device 30.
  • the capsule 20 includes a key generation circuit 26 that generates a key KY based on the device ID, and transmits the video data VD and the encoded data using the key KY.
  • the receiving device 30 evaluates the video data and the key based on the device ID preset in the memory 32, and protects the integrity and reliability of the video data.
  • the capsule 20 also includes a key generation circuit 26 that generates a key KY based on the device ID, and transmits the encrypted video data VD with the key KY.
  • the receiver 30 decrypts the encrypted video data with a key based on the device ID preset in the memory 32 in order to protect the video data.
  • the capsule 20 and the receiver on the receiving device 30 side In the in-vivo camera systems 10 and 10A, between the capsule 20 and the receiver on the receiving device 30 side, implementation of device authentication, data integrity and reliability are performed. It is possible to realize protection of data, data encryption, and prevention of erroneous data exchange.
  • any of response data generation processing at least device authentication, data integrity authentication, and data encryption, a pixel address is used as a challenge and a predetermined
  • the information security signal processing including the authentication processing in which the response data generated in the procedure is used as a response is executed as the signal processing in the blanking period of the image signal processing or the signal processing for each row (line).
  • the first embodiment it is possible to prevent a decrease in the image data frame rate due to the processing time of signal processing for information security, and prevent an increase in the device cost due to the processing circuit.
  • the above-described key generation unit 282 has described the example in which the unique keys are generated based on the variation information of the pixels or the reading circuit 240. However, the unique keys generated by the different variation information are operated to obtain the final unique keys. It can also be configured to obtain the key. For example, the following configuration is also possible.
  • the key generation unit 282 uses, for example, the variation information of the ADC 241, the amplifier (AMP) 242, or the S / H circuit 243 of the read circuit 240 to generate the first unique key, and the read circuit 240.
  • This configuration can be applied to pixel variation information as well.
  • the integration unit 285 may be configured to include a function of hierarchically masking an image portion using the integration key information. Further, the unifying unit 285 may be configured to include a function of adding a digital watermark to an image using the unifying key information.
  • SoC System on Chip
  • signal processing for generating a key and identification data is completed inside the chip, and identification is performed without outputting unique key data to the outside of the chip.
  • a configuration capable of generating data can be adopted.
  • the solid-state imaging device 21 of the present embodiment can be configured to have a drive timing for accumulating a leak current or the like for a long time, in addition to the normal read drive timing.
  • the full-scale voltage of the analog amplifier, digital amplifier, or ADC may be reduced, and the accumulated voltage of the leak voltage may be emphasized and output.
  • the random noise component may be reduced by averaging or adding the data of a plurality of rows or a plurality of frames.
  • the information acquisition unit 281 can employ the variation information of the ADC as the variation information CFLC of the constituent circuits of the read circuit 240. Further, the information acquisition unit 281 can employ the variation information of the amplifier (AMP, amplifier) as the variation information CFLC of the constituent circuits of the read circuit 240. Further, the information acquisition unit 281 can adopt the variation information of the S / H circuit as the variation information CFLC of the constituent circuits of the read circuit 240. Further, the information acquisition unit 281 can adopt the output (variation) information of the SRAM of the column memory as the variation information CFLC of the constituent circuits of the read circuit 240.
  • AMP amplifier
  • the information acquisition unit 281 can adopt the variation information of the S / H circuit as the variation information CFLC of the constituent circuits of the read circuit 240.
  • the information acquisition unit 281 can adopt the output (variation) information of the SRAM of the column memory as the variation information CFLC of the constituent circuits of the read circuit 240.
  • FIG. 20 is a block diagram showing a configuration example of an in-vivo camera system according to the second embodiment of the present invention.
  • the in-vivo camera system 10B according to the second embodiment is different from the in-vivo camera systems 10 and 10A in the first embodiment in the following points.
  • the in-vivo camera system 10B uses power line communication, the capsule 20B is provided with the power receiver 26, and the receiving device 30B side is provided with the power transmitter 35.
  • the capsule 20B When the capsule 20B receives a preset request from the power transmitter 35 on the receiving device 30B side using power line communication, the capsule 20B transmits the device ID to the receiving device 30B at least once.
  • FIG. 21 is a block diagram which shows the structural example of the in-vivo camera system which concerns on the 3rd Embodiment of this invention.
  • the in-vivo camera system 10C according to the third embodiment is different from the in-vivo camera systems 10, 10A, 10B of the first and second embodiments in the following points.
  • the capsule data CPDT is embedded in the header HD of the video data VD so that erroneous data exchange can be prevented.

Abstract

A camera system (10) according to the present invention comprises: a swallowable capsule (20) in which is installed a solid-state imaging device (21) that serves as a camera (CMR); and a receiving device (30) for receiving wirelessly transmitted video data captured by the capsule (20). The capsule (20) includes a device ID circuit (24) for transmitting a device ID to the receiving device (30). The receiving device (30) includes memory (32) for storing at least the device ID received as a preset. For example, when power is supplied to the camera (CMR) before the capsule (20) is swallowed, the capsule (20) transmits the device ID to the receiving device (30) at least once. As a result, it is possible to realize at least one of device authentication implementation, protection of data completeness and reliability, data encryption, and prevention of the exchange of erroneous data between the capsule and at least a receiver on the receiving device side.

Description

カメラシステムおよびカメラシステムの駆動方法Camera system and method of driving camera system
 本発明は、嚥下可能なカプセルに搭載した固体撮像装置で捕捉したビデオデータを受信系に送信するカメラシステムおよびカメラシステムの駆動方法に関するものである。 The present invention relates to a camera system for transmitting video data captured by a solid-state imaging device mounted on a swallowable capsule to a receiving system and a driving method for the camera system.
 光を検出して電荷を発生させる光電変換素子を用いた固体撮像装置(イメージセンサ)として、CCD(Charge Coupled Device)イメージセンサやCMOS(Complementary Metal Oxide Semiconductor)イメージセンサが実用に供されている。
 CCDイメージセンサおよびCMOSイメージセンサは、デジタルカメラ、ビデオカメラ、監視カメラ、医療用内視鏡、パーソナルコンピュータ(PC)、携帯電話等の携帯端末装置(モバイル機器)等の各種電子機器の一部として広く適用されている。 A CCD (Charge Coupled Device) image sensor and a CMOS (Complementary Metal Oxide Semiconductor) image sensor have been put to practical use as a solid-state imaging device (image sensor) using a photoelectric conversion element that detects light and generates an electric charge.
CCD image sensors and CMOS image sensors are used as a part of various electronic devices such as digital cameras, video cameras, surveillance cameras, medical endoscopes, personal computers (PC), and mobile terminal devices (mobile devices) such as mobile phones. Widely applied.
 このような固体撮像装置を搭載した医療機器用カメラシステムとして、嚥下可能なカプセルに搭載した固体撮像装置で捕捉したビデオデータを受信装置に送信する生体内カメラシステムが提案されている(たとえば、特許文献1参照)。
 この生体内カメラシステムでは、カプセルのサイズおよび電力消費を最小にするために、生(raw)のビデオデータは受信装置に無線で送信され、次いで画像処理される。 As a camera system for a medical device equipped with such a solid-state imaging device, an in-vivo camera system has been proposed that transmits video data captured by the solid-state imaging device mounted in a swallowable capsule to a receiving device (for example, patents). Reference 1).
In this in-vivo camera system, raw video data is wirelessly transmitted to a receiving device and then image processed to minimize capsule size and power consumption.
 また、この種の生体内カメラシステムにおいては、カプセル側に信号受信機を備えることができる(たとえば、特許文献2参照)。
 このカメラシステムでは、カプセルが受信装置(制御装置)からの制御信号を無線で受信し、カメラや照射部などを制御できるように構成される。 Further, in this type of in-vivo camera system, a signal receiver can be provided on the capsule side (see, for example, Patent Document 2).
In this camera system, the capsule is configured to wirelessly receive a control signal from the receiving device (control device) and control the camera, the irradiation unit, and the like.
USP 5,604,531USP 5,604,531 特開2013-66694号公報JP, 2013-66694, A
 ところが、上述した生体内カメラシステムにおいては、画像センサ(固体撮像装置)による生データ(raw data)の無線送信のために、システムは傍受や偽装などの攻撃に対して脆弱である。
 これにより、上述の生体内カメラシステムにおいては、個人情報のセキュリティリスクが発生する可能性がある。 However, in the above-described in-vivo camera system, the system is vulnerable to attacks such as interception and camouflage due to wireless transmission of raw data by the image sensor (solid-state imaging device).
As a result, in the above-mentioned in-vivo camera system, a security risk of personal information may occur.
 このような状況に鑑み、生体内カメラシステムにおいては、カプセルと少なくとも受信装置側の受信機との間で、デバイス認証の実装、データの完全性と信頼性の保護、データ暗号化、誤ったデータのやりとりを防止する機能の実現が高く要望されている。 In view of such a situation, in the in-vivo camera system, implementation of device authentication, protection of data integrity and reliability, data encryption, and incorrect data are provided between the capsule and at least the receiver of the receiving device. There is a strong demand for the realization of a function to prevent the exchange of information.
 近年、LSIのセキュリティ技術としてPUF (Physically Unclonable Function;物理複製困難関数)と呼ばれる技術が近年注目を集めている。PUFは半導体におけるばらつきを物理特徴量として抽出し、デバイス固有の出力を得る技術である。
 また、半導体デバイスにおいてPUFとは、製造時に発生するトランジスタのしきい値のばらつきなどにより起こる微小な性能のずれを抽出し、固有のIDとして出力する回路である。
 このPUFで発生させた固有IDを用いてデバイスを認証したり,取得データに真正性を確保するためのメッセージ認証符号(MAC)を付与したりすることで情報の改ざんを防止できる。 In recent years, a technology called PUF (Physically Unclonable Function) has attracted attention in recent years as an LSI security technology. PUF is a technique for extracting variations in semiconductors as physical characteristic amounts and obtaining an output unique to a device.
Further, in the semiconductor device, the PUF is a circuit that extracts a minute performance shift caused by variations in the threshold value of a transistor that occurs during manufacturing and outputs it as a unique ID.
Falsification of information can be prevented by authenticating the device using the unique ID generated by the PUF or adding a message authentication code (MAC) to the acquired data to ensure authenticity.
 以上のような状況において、CMOSイメージセンサ(CIS)に余分な回路を追加せず、CISの画素ばらつきを取り出し、それを個体固有の情報として利用することでセキュリティ機能をもたせられるCMOSイメージセンサPUF(CIS-PUF)が提案されている。 In such a situation, the CMOS image sensor PUF (which has a security function by extracting the pixel variation of the CIS and using it as the information peculiar to an individual without adding an extra circuit to the CMOS image sensor (CIS) CIS-PUF) has been proposed.
 たとえば、非特許文献1および2には、センサのデバイス認証と画像データの改ざんを防止する対策として、CMOSイメージセンサにおける画素ばらつき情報からPUFの固有IDを生成するCMOSイメージセンサPUF (CIS-PUF)が提案されている。 For example, Non-Patent Documents 1 and 2 describe a CMOS image sensor PUF (CIS-PUF) that generates a unique ID of a PUF from pixel variation information in a CMOS image sensor as a measure to prevent device authentication of the sensor and tampering with image data. Is proposed.
 これらのCIS-PUFではPUFレスポンスを生成する際に、画素トランジスタのばらつきに相当する複数ビットのデジタル値を出力し,隣接するトランジスタのしきい値電圧の大小関係より1/0のレスポンスを得る。
 大小比較する画素トランジスタの値の差が大きい場合は、ノイズや温度・電圧などの環境条件が変動しても、しきい値電圧の大小関係は反転しないため、安定なビットであることが判断できる。 In these CIS-PUFs, when generating a PUF response, a digital value of a plurality of bits corresponding to the variation of pixel transistors is output, and a response of 1/0 is obtained from the magnitude relation of the threshold voltages of adjacent transistors.
If the difference between the values of the pixel transistors to be compared is large, the size relationship of the threshold voltages is not reversed even if environmental conditions such as noise and temperature / voltage change, so it can be determined that the bits are stable. ..
 なお、PUFレスポンス生成時に、レスポンス中で、エラービットになりやすいビットを予測できる性質は、従来典型的なPUFとして提案されている(非特許文献3,4参照)。 Note that the property of predicting a bit that is likely to be an error bit in a response when generating a PUF response has been proposed as a typical PUF in the past (see Non-Patent Documents 3 and 4).
 ところで、デバイス個体固有のばらつきをセキュリティに利用するPUFの応用としてチャレンジおよびレスポンス認証(Challenge & Response(CR認証)、またはデバイス認証)、データ整合性認証、データ暗号化(暗号鍵(固有鍵)生成)の利用がある。 By the way, as an application of PUF that uses the variation unique to each device for security, challenge and response authentication (Challenge & Response (CR authentication) or device authentication), data integrity authentication, data encryption (encryption key (unique key) generation ) Is available.
 しかしながら、これら認証等のCMOSイメージセンサ(CIS)の高度な情報セキュリティのための信号処理は、処理時間による画像データフレームレートの低下を招き、処理回路による装置コストの増加を招く。 However, signal processing for advanced information security of the CMOS image sensor (CIS) such as authentication causes a reduction in the image data frame rate due to the processing time and an increase in the device cost due to the processing circuit.
 本発明は、カプセルと少なくとも受信装置側の受信機との間で、デバイス認証の実装、データの完全性と信頼性の保護、データ暗号化、誤ったデータのやりとりの防止の少なくともいずれかを実現することが可能なカメラシステムおよびカメラシステムの駆動方法を提供することにある。 The present invention realizes at least one of implementation of device authentication, protection of data integrity and reliability, data encryption, and prevention of erroneous data exchange between the capsule and at least the receiver on the receiver side. It is an object of the present invention to provide a camera system and a method for driving the camera system that can perform the above.
 本発明は、カプセルと少なくとも受信装置側の受信機との間で、デバイス認証の実装、データの完全性と信頼性の保護、データ暗号化、誤ったデータのやりとりの防止の少なくともいずれかを実現することが可能で、しかも、情報セキュリティのための信号処理の処理時間による画像データフレームレートの低下を防止でき、処理回路による装置コストの増加を防止することが可能なカメラシステムおよびカメラシステムの駆動方法を提供することにある。 The present invention realizes at least one of implementation of device authentication, protection of data integrity and reliability, data encryption, and prevention of erroneous data exchange between the capsule and at least the receiver on the receiver side. A camera system and a camera system drive capable of reducing the image data frame rate due to the processing time of signal processing for information security and preventing an increase in device cost due to a processing circuit. To provide a method.
 本発明の第1の観点のカメラシステムは、カメラとしての固体撮像装置が搭載された嚥下可能なカプセルと、前記カプセルで捕捉され無線により送信されたビデオデータを受信する受信装置と、を有し、前記カプセルは、デバイスIDを前記受信装置に送信するデバイスID回路を含み、前記受信装置は、少なくともプリセット用に受信した前記デバイスIDを格納するメモリを含む。 A camera system according to a first aspect of the present invention includes a swallowable capsule equipped with a solid-state imaging device as a camera, and a receiving device that receives video data captured by the capsule and wirelessly transmitted. The capsule includes a device ID circuit that transmits a device ID to the receiving device, and the receiving device includes at least a memory that stores the device ID received for presetting.
 本発明の第2の観点は、カメラとしての固体撮像装置が搭載された嚥下可能なカプセルと、前記カプセルで捕捉され無線により送信されたビデオデータを受信する受信装置と、を有するカメラシステムの駆動方法であって、前記カプセルが所定のトリガに応答して、前記受信装置に前記デバイスIDを少なくとも1回送信し、前記受信装置が、受信した前記デバイスIDをプリセット用としてメモリに格納する。そして、たとえば前記受信装置が、認証を行う場合、前記カプセルに対して認証要求を送信し、前記カプセルが前記受信装置による認証要求に応答して、前記デバイスID回路により生成されたデバイスIDを送信し、前記受信装置が、当該認証要求に応答して前記カプセルから送信されたデバイスIDを受信して、受信したデバイスIDと前記メモリにプリセットしてあるデバイスIDとを評価し、両IDが同一であれば、カプセルにビデオデータを送信するよう要求し、前記カプセルが、前記受信装置からの送信要求に応答してカメラで捕捉したビデオデータを前記受信装置に送信する。 A second aspect of the present invention is to drive a camera system that includes a swallowable capsule equipped with a solid-state imaging device as a camera, and a receiving device that receives video data captured by the capsule and wirelessly transmitted. In the method, the capsule transmits the device ID to the receiving device at least once in response to a predetermined trigger, and the receiving device stores the received device ID in a memory for presetting. Then, for example, when the receiving device performs authentication, it sends an authentication request to the capsule, and the capsule sends a device ID generated by the device ID circuit in response to the authentication request from the receiving device. Then, the receiving device receives the device ID transmitted from the capsule in response to the authentication request, evaluates the received device ID and the device ID preset in the memory, and the both IDs are the same. In that case, the capsule is requested to transmit the video data, and the capsule transmits the video data captured by the camera to the receiving device in response to the transmission request from the receiving device.
 本発明によれば、カプセルと少なくとも受信装置側の受信機との間で、デバイス認証の実装、データの完全性と信頼性の保護、データ暗号化、誤ったデータのやりとりの防止の少なくともいずれかを実現することが可能となる。
 また、本発明によれば、情報セキュリティのための信号処理の処理時間による画像データフレームレートの低下を防止でき、処理回路による装置コストの増加を防止することが可能となる。 According to the present invention, at least one of implementation of device authentication, protection of data integrity and reliability, data encryption, and prevention of erroneous data exchange between the capsule and at least the receiver on the receiving device side. Can be realized.
Further, according to the present invention, it is possible to prevent the image data frame rate from decreasing due to the processing time of signal processing for information security, and to prevent the increase in the device cost due to the processing circuit.
図1は、本発明の第1の実施形態に係る生体内カメラシステムの第1の構成例を示すブロック図である。FIG. 1 is a block diagram showing a first configuration example of the in-vivo camera system according to the first embodiment of the present invention. 図2は、本発明の第1の実施形態に係る生体内カメラシステムの第2の構成例を示すブロック図である。FIG. 2 is a block diagram showing a second configuration example of the in-vivo camera system according to the first embodiment of the present invention. 図3は、本第1の実施形態に係るカメラシステムにおけるデバイスIDのプリセット尾およびデバイス認証動作を説明するための図である。FIG. 3 is a diagram for explaining a device ID preset tail and a device authentication operation in the camera system according to the first embodiment. 図4は、本第1の実施形態に係るカメラシステムにおけるデバイスIDのプリセットおよびデータの完全性と信頼性の保護動作を説明するための図である。FIG. 4 is a diagram for explaining a device ID preset operation and a data integrity and reliability protection operation in the camera system according to the first embodiment. 図5は、本第1の実施形態に係るカメラシステムにおけるデバイスIDのプリセットおよび暗号化動作を説明するための図である。FIG. 5 is a diagram for explaining device ID presetting and encryption operations in the camera system according to the first embodiment. 図6は、本発明の実施形態に係る固体撮像装置の構成例を示すブロック図である。FIG. 6 is a block diagram showing a configuration example of the solid-state imaging device according to the embodiment of the present invention. 図7は、チャレンジおよびレスポンス認証(Challenge & Response(CR認証))システムの概要について説明するための図である。FIG. 7 is a diagram for explaining the outline of the challenge and response authentication (Challenge & Response (CR authentication)) system. 図8(A)および図8(B)は、本実施形態におけるデバイス認証について説明するための図である。FIG. 8A and FIG. 8B are diagrams for explaining device authentication in the present embodiment. 図9(A)および図9(B)は、本実施形態におけるデータ整合性認証について説明するための図である。9A and 9B are views for explaining the data integrity authentication in this embodiment. 図10(A)および図10(B)は、本実施形態におけるデータ暗号化処理について説明するための第1図である。10 (A) and 10 (B) are first diagrams for explaining the data encryption processing in the present embodiment. 図11(A)~図11(C)は、本実施形態におけるデータ暗号化処理について説明するための第2図である。11A to 11C are second diagrams for explaining the data encryption processing according to the present embodiment. 図12は、本実施形態に係る画素の一例を示す回路図である。FIG. 12 is a circuit diagram showing an example of the pixel according to the present embodiment. 図13(A)~図13(C)は、本発明の実施形態に係る固体撮像装置の画素部の列出力の読み出し系の構成例を説明するための図である。FIGS. 13A to 13C are diagrams for explaining a configuration example of a column output readout system of the pixel unit of the solid-state imaging device according to the embodiment of the present invention. 図14は、本実施形態に係る暗号化処理系であるレスポンスデータ作成の全体的な概要を示すブロック図である。FIG. 14 is a block diagram showing an overall outline of response data creation which is the encryption processing system according to the present embodiment. 図15(A)~図15(E)は、画素のばらつき情報としてソースフォロワトランジスタのしきい値のばらつき情報を採用した場合の通常動作モードとレスポンス作成モードにおける要部の動作波形等を示す図である。FIG. 15A to FIG. 15E are diagrams showing operation waveforms and the like of main parts in the normal operation mode and the response creation mode when the variation information of the threshold of the source follower transistor is adopted as the variation information of the pixel. Is. 図16は、CMOSイメージセンサPUF(CIS-PUF)の要部を形成するばらつき情報を取得するのに好適な情報取得部を含む、本実施形態に係る画素部および列毎に配置された列読出し回路の概要を示す図である。FIG. 16 is a diagram showing a pixel section according to the present embodiment, including an information acquisition section suitable for acquiring variation information forming a main part of a CMOS image sensor PUF (CIS-PUF), and column readout arranged for each column. It is a figure which shows the outline of a circuit. 図17は、図16のCIS-PUFの画素ばらつきを利用したPUFレスポンス生成の様子を示す図である。FIG. 17 is a diagram showing a state of PUF response generation using the pixel variation of the CIS-PUF of FIG. 図18は、図16および図17に示すようなレスポンス生成方式によって得られたPUF性能としての再現性とユニーク性を示す図である。FIG. 18 is a diagram showing the reproducibility and uniqueness as the PUF performance obtained by the response generation method as shown in FIGS. 図19は、ユニーク性と再現性から求めたFPRとFNRを示す図である。FIG. 19 is a diagram showing FPR and FNR obtained from uniqueness and reproducibility. 図20は、本発明の第2の実施形態に係る生体内カメラシステムの構成例を示すブロック図である。FIG. 20 is a block diagram showing a configuration example of an in-vivo camera system according to the second embodiment of the present invention. 図21は、本発明の第3の実施形態に係る生体内カメラシステムの構成例を示すブロック図である。FIG. 21 is a block diagram showing a configuration example of an in-vivo camera system according to the third embodiment of the present invention.
 10,10A,10B,10C・・・生体内カメラシステム、20,20A,20B・・・カプセル、21,21A,21B・・・固体撮像装置、22・・・送信機、24・・・デバイスID回路、26・・・電力受信機、CMR・・・カメラ、30・・・受信装置、31・・・受信機、32・・・メモリ、33・・・送信機、35・・・電力送信機、220,220A・・・画素部、230・・・垂直走査回路、240・・・読み出し回路、244・・・クリップ回路、250・・・水平走査回路、260・・・タイミング制御回路、270・・・信号処理回路、710・・・ビデオI/F、720・・・多ビット化部、280・・・レスポンスデータ生成部(暗号化処理系)、281・・・情報取得部、282,282A・・・鍵生成部、283・・・画像データ生成部、284・・・識別データ生成部、285・・・一体化部、286・・・メモリ、290・・・読み出し部、100・・・CR認証システム、200・・・CIS-PUFチップ、300・・・マイクロコンピュータ(マイコン)。 10, 10A, 10B, 10C ... In-vivo camera system, 20, 20A, 20B ... Capsule, 21, 21A, 21B ... Solid-state imaging device, 22 ... Transmitter, 24 ... Device ID Circuit, 26 ... Power receiver, CMR ... Camera, 30 ... Receiving device, 31 ... Receiver, 32 ... Memory, 33 ... Transmitter, 35 ... Power transmitter , 220, 220A ... Pixel part, 230 ... Vertical scanning circuit, 240 ... Readout circuit, 244 ... Clip circuit, 250 ... Horizontal scanning circuit, 260 ... Timing control circuit, 270 ... ..Signal processing circuit, 710 ... Video I / F, 720 ... Multi-bit conversion unit, 280 ... Response data generation unit (encryption processing system), 281 ... Information acquisition unit, 282, 282A ... key generation unit, 283 ... image data generation unit, 284 ... identification data generation unit, 285 ... integrated unit, 286 ... memory, 290 ... read-out unit, 100 ... CR authentication system, 200 ... CIS-PUF chip, 300 ... Microcomputer.
 以下、本発明の実施形態を図面に関連付けて説明する。 Hereinafter, embodiments of the present invention will be described with reference to the drawings.
(第1の実施形態)
 図1は、本発明の第1の実施形態に係る生体内カメラシステムの第1の構成例を示すブロック図である。
 図2は、本発明の第1の実施形態に係る生体内カメラシステムの第2の構成例を示すブロック図である。 (First embodiment)
FIG. 1 is a block diagram showing a first configuration example of the in-vivo camera system according to the first embodiment of the present invention.
FIG. 2 is a block diagram showing a second configuration example of the in-vivo camera system according to the first embodiment of the present invention.
 この生体内カメラシステム10は、基本的に、嚥下可能なカプセル20、およびカプセル20との間で無線通信可能な受信装置30を含んで構成されている。 The in-vivo camera system 10 is basically configured to include a swallowable capsule 20 and a receiving device 30 capable of wireless communication with the capsule 20.
 カメラシステム10においては、画像センサ(固体撮像装置)による生データ(raw data)の無線送信のために、システムは傍受や偽装などの攻撃に対して脆弱であり、これにより、個人情報のセキュリティリスクが発生する可能性がある。
 そこで、本実施形態の生体内カメラシステム10においては、カプセル20と少なくとも受信装置30側の受信機との間で、デバイス認証の実装、データの完全性と信頼性の保護、データ暗号化、誤ったデータのやりとりの防止の少なくともいずれかを実現することが可能となるように構成されている。 In the camera system 10, the wireless transmission of raw data by the image sensor (solid-state imaging device) makes the system vulnerable to attacks such as eavesdropping and camouflage, which results in a security risk of personal information. May occur.
Therefore, in the in-vivo camera system 10 of the present embodiment, between the capsule 20 and at least the receiver on the side of the receiving device 30, implementation of device authentication, protection of data integrity and reliability, data encryption, and error. It is configured so that it is possible to realize at least one of prevention of exchange of data.
 図1のカプセル20は、カメラCMRを構成する固体撮像装置21および光学系(レンズ系)22、並びに送信機(TX)23を有している。
 図2のカプセル20Aは、さらに、受信機(RX)25を有している。 The capsule 20 of FIG. 1 has a solid-state imaging device 21 and an optical system (lens system) 22 that constitute a camera CMR, and a transmitter (TX) 23.
The capsule 20A in FIG. 2 further includes a receiver (RX) 25.
 本実施形態に係る固体撮像装置21は、たとえばCMOSイメージセンサにより形成される。 The solid-state imaging device 21 according to this embodiment is formed of, for example, a CMOS image sensor.
 固体撮像装置21は、カプセル20,20Aのデバイス認証と画像データの改ざん等を防止する対策として、CMOSイメージセンサにおける画素ばらつきからPUFの固有IDを生成するデバイスID回路24の機能を備えるCMOSイメージセンサPUF(CIS-PUF)として形成されている。
 固体撮像装置21は、CIS-PUFではPUFのレスポンス(以下、PUFレスポンスという場合もある)を生成する際に、画素のばらつき情報および読み出し部のばらつき情報のうちの少なくともいずれか一方に関連付けて固有鍵を含むレスポンスデータを生成することが可能に構成される。 The solid-state imaging device 21 includes a CMOS image sensor having a function of a device ID circuit 24 that generates a PUF unique ID from pixel variations in the CMOS image sensor as a measure for preventing device authentication of the capsules 20 and 20A and falsification of image data. It is formed as a PUF (CIS-PUF).
In the CIS-PUF, the solid-state imaging device 21 is unique in association with at least one of pixel variation information and readout unit variation information when generating a PUF response (hereinafter, also referred to as PUF response). It is configured to be able to generate response data including a key.
 また、固体撮像装置21は、後で詳述するように、通常画像を生成する通常動作モードMDUとは異なるセキュリティモードでレスポンスデータの生成処理を含む情報セキュリティ信号処理が可能な信号処理回路を含んで構成される。
 この信号処理回路が実施する情報セキュリティ信号処理は、少なくとも、レスポンスデータの生成処理、デバイス認証、データの完全性と信頼性の保護(データ整合性認証)、およびデータ暗号化のいずれかである。
 そして、情報セキュリティ信号処理は、たとえば固体撮像装置21の画素アドレスをチャレンジ(Challenge)とし、所定の手順で生成したレスポンスデータをレスポンス(Response)とする認証処理を含む。 Further, the solid-state imaging device 21 includes a signal processing circuit capable of information security signal processing including response data generation processing in a security mode different from the normal operation mode MDU for generating a normal image, as described later in detail. Composed of.
The information security signal processing performed by this signal processing circuit is at least one of response data generation processing, device authentication, data integrity and reliability protection (data integrity authentication), and data encryption.
Then, the information security signal processing includes, for example, an authentication processing in which the pixel address of the solid-state imaging device 21 is used as a challenge and the response data generated by a predetermined procedure is used as a response.
 光学系(レンズ等)22は、CMOSイメージセンサの画素領域に入射光を導く(被写体像を結像する)。 Optical system (lens etc.) 22 guides incident light to the pixel area of the CMOS image sensor (forms a subject image).
 送信機23は、デバイスID回路24により生成されたデバイスID,カメラCMRで捕捉されたビデオデータ等を受信装置30(30A)に向けて無線で送信する。 The transmitter 23 wirelessly transmits the device ID generated by the device ID circuit 24, the video data captured by the camera CMR, and the like to the receiving device 30 (30A).
 カプセル20(20A)は、所定のトリガに応答して、受信装置30(30A)にデバイスID回路24により生成されたデバイスIDを少なくとも1回送信する。デバイスIDの生成方法については後で詳述する。
 なお、プリセット用のデバイスIDは、カプセル20が飲み込まれる(嚥下される)前に事前に送信する必要がある。 The capsule 20 (20A) transmits the device ID generated by the device ID circuit 24 to the receiving device 30 (30A) at least once in response to a predetermined trigger. The method of generating the device ID will be described in detail later.
The device ID for preset needs to be transmitted in advance before the capsule 20 is swallowed (swallowed).
 たとえば、カプセル20(20A)は、カメラCMRに電力が供給されると、受信装置30にデバイスID回路24により生成されたデバイスIDを少なくとも1回送信する。 For example, when power is supplied to the camera CMR, the capsule 20 (20A) transmits the device ID generated by the device ID circuit 24 to the receiving device 30 at least once.
 たとえば、カプセル20(20A)は、青色系光がカメラCMRに曝されると、受信装置30にデバイスID回路24により生成されたデバイスIDを少なくとも1回送信する。
 この青色系光には、緑色光やシアン色光が含まれる。 For example, the capsule 20 (20A) transmits the device ID generated by the device ID circuit 24 to the receiving device 30 at least once when the blue light is exposed to the camera CMR.
The blue light includes green light and cyan light.
 たとえば、カプセル20(20A)は、受信装置30(30A)からプリセットリクエストを受信すると、受信装置30にデバイスID回路24により生成されたデバイスIDを少なくとも1回送信する。 For example, when the capsule 20 (20A) receives the preset request from the receiving device 30 (30A), it transmits the device ID generated by the device ID circuit 24 to the receiving device 30 at least once.
 なお、デバイスID回路24は、固体撮像装置21のヒューズ、送信装置のヒューズ、PUF系回路、または固体撮像装置21のPUF系回路により形成される。 The device ID circuit 24 is formed by the fuse of the solid-state imaging device 21, the fuse of the transmission device, the PUF system circuit, or the PUF system circuit of the solid-state imaging device 21.
 受信装置30は、受信機31、およびメモリ32を有している。
 図2の受信装置30Aは、さらに、送信機33を有している。 The receiving device 30 has a receiver 31 and a memory 32.
The receiving device 30A in FIG. 2 further includes a transmitter 33.
 受信機31は、カプセル20の送信機23から無線で送信される、デバイスID回路24により生成されたデバイスID,カメラCMRで捕捉されたビデオデータ等を受信する。 The receiver 31 receives the device ID generated by the device ID circuit 24, the video data captured by the camera CMR, and the like, which are wirelessly transmitted from the transmitter 23 of the capsule 20.
 メモリ32は、たとえば不揮発性メモリ等により形成され、受信装置30(30A)のコントローラの制御の下、受信機31で受信されたプリセット用のデバイスIDが格納される。 The memory 32 is formed of, for example, a non-volatile memory, and stores the preset device ID received by the receiver 31 under the control of the controller of the receiving device 30 (30A).
 本実施形態のカメラシステム10,10Aにおいては、上述したように、プリセット用のデバイスIDは、カプセル20が飲み込まれる(嚥下される)前に事前に設定する必要がある。
 受信装置30(30A)は、プリセットすべきデバイスIDを安全なメモリ32に格納する。 In the camera systems 10 and 10A of the present embodiment, as described above, the preset device ID needs to be set in advance before the capsule 20 is swallowed (swallowed).
The receiving device 30 (30A) stores the device ID to be preset in the secure memory 32.
 送信機33は、受信装置30(30A)のコントローラの制御の下、カプセル20(20A)に認証要求を無線で送信する。 The transmitter 33 wirelessly transmits an authentication request to the capsule 20 (20A) under the control of the controller of the receiving device 30 (30A).
 本カメラシステム10においては、カプセル20(20A)と少なくとも受信装置30(30A)側の受信機31との間で、デバイス認証の実装、データの完全性と信頼性の保護、データ暗号化、誤ったデータのやりとりの防止を実現するように、次のように動作する。 In the camera system 10, between the capsule 20 (20A) and at least the receiver 31 on the receiving device 30 (30A) side, device authentication is implemented, data integrity and reliability protection, data encryption, and error It operates as follows to realize the prevention of the exchange of data.
(デバイス認証)
 図3は、本第1の実施形態に係るカメラシステムにおけるデバイスIDのプリセットおよびデバイス認証動作を説明するための図である。なお、図3は、図2の第2の構成例に対応している。 (Device authentication)
FIG. 3 is a diagram for explaining device ID presetting and device authentication operations in the camera system according to the first embodiment. Note that FIG. 3 corresponds to the second configuration example of FIG. 2.
プリセット:
 受信装置30Aは、カプセル20Aから送信され、受信したデバイスIDを安全なメモリ32に格納する。なお、上述したように、デバイスIDは、カプセル20Aが生体内に飲み込まれる(嚥下される)前に事前に設定する必要がある。 preset:
The receiving device 30A stores the received device ID transmitted from the capsule 20A in the secure memory 32. Note that, as described above, the device ID needs to be set in advance before the capsule 20A is swallowed (swallowed) in the living body.
認証:
 カプセル20Aが生体内にある場合、受信装置30Aはカプセル20Aに認証要求を送信する(図3のID request(Challenge):ST1)。
 カプセル20Aは、受信装置30Aによる認証要求に応答して、デバイスID回路24により生成されたデバイスIDを送信する(図3のResponse:ST2)。
 受信装置30Aは、受信したデバイスIDとメモリ32にプリセットしてあるデバイスIDとを評価(比較)する。受信装置30Aは、両IDが同一であれば、カプセル20Aにビデオデータを送信するよう要求する(図3のokay,ST3)。
 カプセル20Aは、受信装置30Aからの送信要求に応答してカメラCMRで捕捉したビデオデータを受信装置30Aに送信する(図3のvideo、ST4)。
 なお、受信装置30は、受信したデバイスIDとメモリ32にプリセットしてあるデバイスIDの両IDが同一でなければ、カプセル20Aにビデオデータを送信するよう要求を出さずに警告信号を出力する。 Certification:
When the capsule 20A is in the living body, the receiving device 30A transmits an authentication request to the capsule 20A (ID request (Challenge): ST1 in FIG. 3).
The capsule 20A transmits the device ID generated by the device ID circuit 24 in response to the authentication request from the receiving device 30A (Response: ST2 in FIG. 3).
The reception device 30A evaluates (compares) the received device ID with the device ID preset in the memory 32. If both IDs are the same, the receiving device 30A requests the capsule 20A to transmit the video data (okay, ST3 in FIG. 3).
The capsule 20A transmits the video data captured by the camera CMR to the receiving device 30A in response to the transmission request from the receiving device 30A (video, ST4 in FIG. 3).
If the received device ID and the device ID preset in the memory 32 are not the same, the receiving device 30 outputs a warning signal without issuing a request to transmit video data to the capsule 20A.
 このように、デバイス認証は、チャレンジおよびレスポンス認証が好ましい。また、カプセル20Aは、図2のように、受信機(RX)または受電装置を装備する必要がある。 Like this, challenge and response authentication are preferable for device authentication. Further, the capsule 20A needs to be equipped with a receiver (RX) or a power receiving device as shown in FIG.
(データの完全性と信頼性の保護)
 図4は、本第1の実施形態に係るカメラシステムにおけるデバイスIDのプリセットおよびデータの完全性と信頼性の保護動作を説明するための図である。なお、図4は、図1の第1の構成例に対応している。 (Protection of data integrity and reliability)
FIG. 4 is a diagram for explaining a device ID preset operation and a data integrity and reliability protection operation in the camera system according to the first embodiment. Note that FIG. 4 corresponds to the first configuration example of FIG. 1.
プリセット:
 受信装置30は、カプセル20から送信され、受信したデバイスIDを安全なメモリ32に格納する。なお、上述したように、デバイスIDは、カプセル20が生体内に飲み込まれる(嚥下される)前に事前に設定する必要がある。 preset:
The receiving device 30 stores the received device ID transmitted from the capsule 20 in the secure memory 32. Note that, as described above, the device ID needs to be set in advance before the capsule 20 is swallowed (swallowed) in the living body.
データ保護:
 カプセル20は、デバイスIDに基づいてキーKYを生成するキー生成回路26を備えていて、ビデオデータVDおよび符号化データをキーKYで送信する(図4のST11)。
 受信装置30は、ビデオデータおよびキーをメモリ32にプリセットされているデバイスIDに基づいて評価し、ビデオデータの完全性および信頼性を保護する(図4のST12)。
 この場合、MAC(メッセージ認証コード)を利用することができる。 Data protection:
The capsule 20 includes a key generation circuit 26 that generates a key KY based on the device ID, and transmits the video data VD and the encoded data using the key KY (ST11 in FIG. 4).
The receiving device 30 evaluates the video data and the key based on the device ID preset in the memory 32, and protects the integrity and reliability of the video data (ST12 in FIG. 4).
In this case, MAC (Message Authentication Code) can be used.
(暗号化)
 図5は、本第1の実施形態に係るカメラシステムにおけるデバイスIDのプリセットおよび暗号化動作を説明するための図である。なお、図5は、図1の第1の構成例に対応している。 (encryption)
FIG. 5 is a diagram for explaining device ID presetting and encryption operations in the camera system according to the first embodiment. Note that FIG. 5 corresponds to the first configuration example of FIG. 1.
プリセット:
 受信装置30は、カプセル20から送信され、受信したデバイスIDを安全なメモリ32に格納する。なお、上述したように、デバイスIDは、カプセル20が生体内に飲み込まれる(嚥下される)前に事前に設定する必要がある。 preset:
The receiving device 30 stores the received device ID transmitted from the capsule 20 in the secure memory 32. Note that, as described above, the device ID needs to be set in advance before the capsule 20 is swallowed (swallowed) in the living body.
暗号化:
 カプセル20は、デバイスIDに基づいてキーKYを生成するキー生成回路26を備えていて、暗号化されたビデオデータVDをキーKYとともに送信する(図5のST21)。
 受信装置30は、ビデオデータを保護するために、暗号化されたビデオデータをメモリ32にプリセットしてあるデバイスIDに基づくキーで復号化する(図5のST22)。
 この場合、AES(Advanced Encryption Standard)を利用することができる。 encryption:
The capsule 20 includes a key generation circuit 26 that generates a key KY based on the device ID, and transmits the encrypted video data VD together with the key KY (ST21 in FIG. 5).
In order to protect the video data, the receiving device 30 decrypts the encrypted video data with a key based on the device ID preset in the memory 32 (ST22 in FIG. 5).
In this case, AES (Advanced Encryption Standard) can be used.
 以上、カプセル20(20A)と少なくとも受信装置30(30A)側の受信機との間で、デバイス認証の実装、データの完全性と信頼性の保護、データ暗号化、誤ったデータのやりとりの防止の少なくともいずれかを実現することが可能となる生体内カメラシステム10,10Aの基本的な構成および機能について説明した。
 以下に、カプセルと少なくとも受信装置側の受信機との間で、デバイス認証の実装、データの完全性と信頼性の保護、データ暗号化、誤ったデータのやりとりの防止の少なくともいずれかを実現することが可能で、しかも、情報セキュリティのための信号処理の処理時間による画像データフレームレートの低下を防止でき、処理回路による装置コストの増加を防止することが可能で、また煩雑な手間を要することなく、認証精度を確保しながらCR認証回数を増大させることが可能なカメラシステムを実現するCMOSイメージセンサPUF(CIS-PUF)として形成される固体撮像装置21、認証システム等の具体的な構成について説明する。 As described above, device authentication is implemented, data integrity and reliability are protected, data is encrypted, and erroneous data is exchanged between the capsule 20 (20A) and at least the receiver on the receiving device 30 (30A) side. The basic configurations and functions of the in- vivo camera systems 10 and 10A capable of realizing at least one of the above have been described.
At least one of implementation of device authentication, protection of data integrity and reliability, data encryption, and prevention of erroneous data exchange are realized between the capsule and at least the receiver on the receiving device side. In addition, it is possible to prevent a decrease in the image data frame rate due to the processing time of signal processing for information security, prevent an increase in the device cost due to the processing circuit, and require troublesome work. The specific configuration of the solid-state imaging device 21, which is formed as a CMOS image sensor PUF (CIS-PUF), which realizes a camera system capable of increasing the number of times of CR authentication while ensuring authentication accuracy, an authentication system, etc. explain.
(固体撮像装置21の構成例)
 図6は、本発明の実施形態に係る固体撮像装置の構成例を示すブロック図である。
 本実施形態において、固体撮像装置21は、たとえばCMOSイメージセンサにより構成される。 (Example of configuration of solid-state imaging device 21)
FIG. 6 is a block diagram showing a configuration example of the solid-state imaging device according to the embodiment of the present invention.
In the present embodiment, the solid-state imaging device 21 is composed of, for example, a CMOS image sensor.
 この固体撮像装置21は、図6に示すように、撮像部としての画素部220、垂直走査回路(行走査回路)230、読み出し回路(列(カラム)読み出し回路)240、水平走査回路(列走査回路)250、タイミング制御回路260、および信号処理回路270を主構成要素として有している。
 これらの構成要素のうち、たとえば垂直走査回路230、読み出し回路240、水平走査回路250、およびタイミング制御回路260により画素信号の読み出し部290が構成される。 As shown in FIG. 6, the solid-state image pickup device 21 includes a pixel unit 220 as an image pickup unit, a vertical scanning circuit (row scanning circuit) 230, a reading circuit (column reading circuit) 240, and a horizontal scanning circuit (column scanning). Circuit) 250, a timing control circuit 260, and a signal processing circuit 270 as main constituent elements.
Of these components, for example, the vertical scanning circuit 230, the readout circuit 240, the horizontal scanning circuit 250, and the timing control circuit 260 constitute a pixel signal readout unit 290.
 本実施形態に係る固体撮像装置21は、前述したように、センサであるカプセル20(20A)のデバイス認証と画像データの改ざんを防止する対策として、CMOSイメージセンサにおける画素ばらつきからPUFの固有IDを生成するCMOSイメージセンサPUF(CIS-PUF)として形成されている。
 固体撮像装置21は、CIS-PUFではPUFのレスポンス(以下、PUFレスポンスという場合もある)を生成する際に、画素のばらつき情報および読み出し部のばらつき情報のうちの少なくともいずれか一方に関連付けて固有鍵を含むレスポンスデータを生成することが可能に構成される。 As described above, the solid-state imaging device 21 according to the present embodiment determines the PUF unique ID from the pixel variation in the CMOS image sensor as a measure for preventing device authentication of the sensor 20 (20A) and tampering with the image data. It is formed as a CMOS image sensor PUF (CIS-PUF) for generation.
In the CIS-PUF, the solid-state imaging device 21 is unique in association with at least one of pixel variation information and readout unit variation information when generating a PUF response (hereinafter, also referred to as PUF response). It is configured so that response data including a key can be generated.
 本実施形態に係る固体撮像装置21は、後で詳述するように、PUFレスポンスである画素や読み出し部290のばらつき情報を生成する際に、一例として、画素トランジスタのばらつき情報に相当する複数ビットのデジタル値(LSB値)を出力し、隣接するトランジスタのしきい値電圧の大小関係より1/0のレスポンスデータを取得する。
 固体撮像装置21は、大小比較する画素トランジスタのデジタル値の差が大きい場合は、ノイズや温度・電圧などの環境条件が変動しても、しきい値電圧VTHとの大小関係は反転しないため、安定なビットであることが判断できる。 As will be described later in detail, the solid-state imaging device 21 according to the present embodiment generates a plurality of bits corresponding to the variation information of the pixel transistors when generating the variation information of the pixels and the reading unit 290 which are PUF responses. The digital value (LSB value) is output, and the response data of 1/0 is acquired from the magnitude relation of the threshold voltages of the adjacent transistors.
In the solid-state imaging device 21, when the difference in digital value of the pixel transistors to be compared in magnitude is large, the magnitude relationship with the threshold voltage VTH is not reversed even if environmental conditions such as noise and temperature / voltage change. It can be judged that it is a stable bit.
 また、本実施形態において、CMOSイメージセンサPUF(CIS-PUF)は、CMOSイメージセンサの画素ばらつきおよび読み出し部のばらつき情報のうちの少なくともいずれか一方を抽出しPUFに応用したものである。
 本来、画素ばらつきの多くはCDS回路によって除去されるが、CIS-PUFは相関二重サンプリング(CDS:Correlated Double Sampling)回路を動作させて撮影する通常の撮像モード(通常動作モード)と、CDS回路を動作させずに撮影するセキュリティモード(PUFモードあるいはレスポンス作成モードMDR)を有している。 Further, in the present embodiment, the CMOS image sensor PUF (CIS-PUF) is one in which at least one of the pixel variation of the CMOS image sensor and the variation information of the reading unit is extracted and applied to the PUF.
Originally, most of the pixel variations are removed by the CDS circuit, but the CIS-PUF has a normal imaging mode (normal operation mode) in which a correlated double sampling (CDS) circuit is operated to capture an image, and a CDS circuit. It has a security mode (PUF mode or response creation mode MDR) for shooting without operating.
 そして、本実施形態に係る固体撮像装置21において、信号処理回路270は、レスポンスデータ生成部280を含んで構成され、通常画像を生成する通常動作モードMDUとは異なるセキュリティモードでレスポンスデータの生成処理を含む情報セキュリティ信号処理が可能に構成される。
 本実施形態の信号処理回路270は、受信装置30側のマイクロコンピュータ(以下、マイコンという)と認証処理等にかかわる通信を行うことが可能な無線のビデオインタフェース(I/F)710を有している。
 信号処理回路270は、情報セキュリティのための信号処理の処理時間による画像データフレームレートの低下を防止でき、処理回路による装置コストの増加を防止することが可能となるように、情報セキュリティ信号処理を、画像信号処理のブランキング期間の信号処理または行(ライン)ごとの信号処理として実行する。 Then, in the solid-state imaging device 21 according to the present embodiment, the signal processing circuit 270 is configured to include the response data generation unit 280, and the response data generation process is performed in the security mode different from the normal operation mode MDU that generates the normal image. Information security signal processing including is configured to be possible.
The signal processing circuit 270 of this embodiment has a wireless video interface (I / F) 710 capable of communicating with a microcomputer (hereinafter, referred to as a microcomputer) on the side of the receiving device 30 for authentication processing and the like. There is.
The signal processing circuit 270 performs the information security signal processing so that the image data frame rate can be prevented from lowering due to the processing time of the signal processing for information security and the increase in the device cost due to the processing circuit can be prevented. , Signal processing in the blanking period of image signal processing or signal processing for each row (line).
 本実施形態において、信号処理回路270が実施する情報セキュリティ信号処理は、少なくとも、レスポンスデータの生成処理、デバイス認証、データ整合性認証、およびデータ暗号化のいずれかである。
 そして、情報セキュリティ信号処理は、画素アドレスをチャレンジ(Challenge)とし、所定の手順で生成したレスポンスデータをレスポンス(Response)とする認証処理を含む。 In the present embodiment, the information security signal processing performed by the signal processing circuit 270 is at least one of response data generation processing, device authentication, data integrity authentication, and data encryption.
The information security signal process includes an authentication process in which the pixel address is used as a challenge and the response data generated in a predetermined procedure is used as a response.
 なお、認証を行う際に確保すべき認証精度は、後で詳述するように、情報セキュリティ信号処理のユニーク性と再現性のデータより認証精度の指標として、偽物を本物と認識する確率FPR(False Positive Rate)と本物を偽物と認識する確率FNR(False Negative Rate)を求め、確率FPRと確率FNRにより評価(決定、選定)可能である。 As will be described in detail later, the authentication accuracy to be ensured when performing authentication is the probability FPR () of recognizing a forgery as a genuine product as an index of the authentication accuracy based on the uniqueness and reproducibility data of information security signal processing. False Positive Rate) and a probability FNR (False Negative Rate) of recognizing a genuine article as a false article can be obtained, and evaluation (determination, selection) can be performed by the probability FPR and the probability FNR.
 また、CIS-PUFは画素のアドレスをチャレンジ(Challenge)とし、所定の手順で生成した1/0データをレスポンス(Response)とするPUFである。
 ここで、デバイス個体固有のばらつきをセキュリティに利用するPUFの応用としてのチャレンジおよびレスポンス認証(Challenge & Response(CR認証))の概要について説明する。
 その後、本実施形態の特徴の一つであるデバイス認証、データ整合性認証、およびデータ暗号化の各処理について説明する。 The CIS-PUF is a PUF that uses a pixel address as a challenge and 1/0 data generated by a predetermined procedure as a response.
Here, an outline of challenge and response authentication (Challenge & Response (CR authentication)) as an application of the PUF that uses the variation unique to each device for security will be described.
Then, each process of device authentication, data integrity authentication, and data encryption, which are one of the features of this embodiment, will be described.
(レスポンス認証システムの概要)
 図7は、チャレンジおよびレスポンス認証(Challenge & Response(CR認証))システムの概要について説明するための図である。 (Outline of response authentication system)
FIG. 7 is a diagram for explaining an outline of a challenge and response authentication (Challenge & Response (CR authentication)) system.
 図7のCR認証システム100は、本実施形態に係る固体撮像装置21を搭載したカプセル20(20A)側のCIS-PUFチップ200、および受信装置30(30A)側のマイコン300を含んで構成されている。
 CIS-PUFチップ200は、図6のビデオインタフェース710としてのビデオインタフェース(Video I/F)210を有し、マイコン300はコントロールインタフェース(Control I/F)310を有する。 The CR authentication system 100 of FIG. 7 is configured to include a CIS-PUF chip 200 on the capsule 20 (20A) side equipped with the solid-state imaging device 21 according to the present embodiment, and a microcomputer 300 on the receiving device 30 (30A) side. ing.
The CIS-PUF chip 200 has a video interface (Video I / F) 210 as the video interface 710 of FIG. 6, and the microcomputer 300 has a control interface (Control I / F) 310.
 CIS-PUFを用いたCR認証システム100には、事前登録モードと認証モードがあり、認証を行う前にCIS-PUFチップ200の情報をマイコン300側に登録(プリセット)する必要がある。
 事前登録モードでは、PUFモード側から全画素のIDを生成し、これをマイコン300の安全な領域であるメモリ32に保管する。 The CR authentication system 100 using CIS-PUF has a pre-registration mode and an authentication mode, and it is necessary to register (preset) the information of the CIS-PUF chip 200 in the microcomputer 300 side before performing authentication.
In the pre-registration mode, the IDs of all pixels are generated from the PUF mode side and stored in the memory 32, which is a safe area of the microcomputer 300.
 このCIS-PUFを用いたCR認証システム100において、認証モードでは、初めに認証側のマイコン300がCIS-PUFチップ200に対してPUFモードコマンドを送信する(ステップST101)。
 これを受けてCIS-PUFチップ200はPUFモードで撮影を行いPUFモード画像を得る。
 次に、マイコン300は乱数発生器(RNG)301によりどの画素を使用してIDを生成するかを乱数で決定し、そのアドレス指定をチャレンジ情報としてCIS-PUFチップ200に送信する(ステップST102)。
 CIS-PUFチップ200は受け取ったアドレス指定に従ってPUFモード画像を切り出し、1/0データを生成する。CIS-PUFチップ200は、このIDをチャレンジに対するレスポンスとしてマイコン300に送信する(ステップST103)。
 マイコン300は事前に登録しておいた1/0データから指定したアドレスのIDを切り出し、CIS-PUFチップ200から受け取ったIDと比較する。IDが一致すれば認証成功となる(ステップST104)。 In the CR authentication system 100 using this CIS-PUF, in the authentication mode, the microcomputer 300 on the authentication side first transmits a PUF mode command to the CIS-PUF chip 200 (step ST101).
In response to this, the CIS-PUF chip 200 captures images in the PUF mode and obtains a PUF mode image.
Next, the microcomputer 300 uses a random number generator (RNG) 301 to determine which pixel is used to generate an ID with a random number, and sends the address designation to the CIS-PUF chip 200 as challenge information (step ST102). ..
The CIS-PUF chip 200 cuts out the PUF mode image according to the received address designation and generates 1/0 data. The CIS-PUF chip 200 transmits this ID to the microcomputer 300 as a response to the challenge (step ST103).
The microcomputer 300 cuts out the ID of the specified address from the 1/0 data registered in advance and compares it with the ID received from the CIS-PUF chip 200. If the IDs match, the authentication is successful (step ST104).
 このCR認証システム100の通信処理等を踏まえて、CIS-PUFチップ200の一部である信号処理回路270およびマイコン300における本実施形態の特徴の一つであるデバイス認証、データ整合性認証、およびデータ暗号化の各処理についてより具体的に説明する。 In consideration of the communication processing of the CR authentication system 100, the signal processing circuit 270, which is a part of the CIS-PUF chip 200, and the microcomputer 300, which are one of the features of this embodiment, are device authentication, data integrity authentication, and Each process of data encryption will be described more specifically.
(デバイス認証)
 図8(A)および図8(B)は、本実施形態におけるデバイス認証について説明するための図である。 (Device authentication)
FIG. 8A and FIG. 8B are diagrams for explaining device authentication in the present embodiment.
 デバイス認証において、CIS-PUFチップ200の一部である信号処理回路270は、画素読み出し中に受信装置30側の制御装置としてのマイコン300からの画素のアドレスXYのチャレンジを受信し、CIS-PUFチップ内部のレジスタに受信したアドレスを書き込む。
 次に、セキュリティモード(PUFモード)において、垂直ブランキング期間PVB中に受信したYアドレスに従って画素にアクセスする。
 垂直ブランキング期間PVB中に画素信号を処理して再現性およびユニーク性が改善されたデバイスIDを取得する。
 そして、垂直ブランキング期間PVB中または次の画素読み出し期間中に取得したデバイスIDをチャレンジに対するレスポンスとしてマイコン300に送信する。
 マイコン300は、認証のためにデバイスIDをチェックする。
 認証は、ストリーミングビデオデータの場合、1フレーム、1秒、1分、1時間、または1日のいずれかの期間で実行される。 In the device authentication, the signal processing circuit 270, which is a part of the CIS-PUF chip 200, receives the challenge of the pixel address XY from the microcomputer 300 as the control device on the receiving device 30 side during pixel reading, and the CIS-PUF chip receives the challenge. Write the received address to the register inside the chip.
Next, in the security mode (PUF mode), pixels are accessed according to the Y address received during the vertical blanking period PVB.
The pixel signal is processed during the vertical blanking period PVB to obtain a device ID with improved reproducibility and uniqueness.
Then, the device ID acquired during the vertical blanking period PVB or during the next pixel reading period is transmitted to the microcomputer 300 as a response to the challenge.
The microcomputer 300 checks the device ID for authentication.
In the case of streaming video data, the authentication is performed every one frame, one second, one minute, one hour, or one day.
(データ整合性認証)
 図9(A)および図9(B)は、本実施形態におけるデータ整合性認証について説明するための図である。 (Data integrity certification)
9A and 9B are views for explaining the data integrity authentication in this embodiment.
 データ整合性認証において、CIS-PUFチップ200の一部である信号処理回路270は、デバイスIDを取得するための画素アドレスを設定する。
 垂直ブランキング期間PVB中にアドレス指定された画素のばらつき情報からデバイスIDを取得する。
 そして、行(ライン)画素信号を読み込み、メッセージ認証符号(MAC)機能により、デバイスIDを固有鍵、ライン画素信号をメッセージとするデータタグを生成する。
 次に、ビデオI/F210またはコントロールI/F310を介した水平ブランキング期間PHB中またはビデオI/F210またはコントロールI/F310を介した垂直ブランキング期間PVB中に、画素アドレス、ライン画素信号、およびデータタグを、整合性認証を行う受信装置30の制御装置であるマイコン300側に転送する。
 受信装置30側のマイコン300は、画素アドレスとともに生成されたのと同じキーと、整合性検証のための画素データとを用いてMAC処理を実行する。
 なお、画素アドレスはいつでも任意に変更することができる。 In the data integrity authentication, the signal processing circuit 270, which is a part of the CIS-PUF chip 200, sets a pixel address for acquiring the device ID.
The device ID is acquired from the variation information of the pixel addressed during the vertical blanking period PVB.
Then, a row (line) pixel signal is read, and a message tag having a device ID as a unique key and a line pixel signal as a message is generated by a message authentication code (MAC) function.
Next, during the horizontal blanking period PHB via the video I / F 210 or the control I / F 310 or during the vertical blanking period PVB via the video I / F 210 or the control I / F 310, the pixel address, the line pixel signal, and The data tag is transferred to the side of the microcomputer 300 that is the control device of the receiving device 30 that performs the integrity authentication.
The microcomputer 300 on the receiving device 30 side executes the MAC process using the same key as that generated with the pixel address and the pixel data for the consistency verification.
The pixel address can be arbitrarily changed at any time.
(データ暗号化)
 図10(A)および図10(B)は、本実施形態におけるデータ暗号化処理について説明するための第1図である。
 図11(A)~図11(C)は、本実施形態におけるデータ暗号化処理について説明するための第2図である。 (Data encryption)
10 (A) and 10 (B) are first diagrams for explaining the data encryption processing in the present embodiment.
11A to 11C are second diagrams for explaining the data encryption processing according to the present embodiment.
 データ暗号化処理において、CIS-PUFチップ200の一部である信号処理回路270は、デバイスIDを取得するための画素アドレスを設定する。
 垂直ブランキング期間PVB中にアドレス指定された画素のばらつき情報からデバイスIDを取得する。
 画素部220から第1行(Line1)の画素信号を読み出し、画素信号を内部のラインメモリに保存する。
 画素部220から第2行(Line2)の画素信号を読み出し中に、第1行(Line1)の画素信号をデバイスIDである鍵で暗号化する。
 画素部220から第3行(Line3)の画素信号を読み出し中に、暗号化された第1行(Line1)の画素信号および画素アドレスを、暗号解読処理を制御装置側ISP(Image Signal Processor)としてのマイコン300に転送する。
 マイコン300では、暗号化された第1行(Line1)の画素値を同じ鍵で解読する。 In the data encryption process, the signal processing circuit 270, which is a part of the CIS-PUF chip 200, sets the pixel address for acquiring the device ID.
The device ID is acquired from the variation information of the pixel addressed during the vertical blanking period PVB.
The pixel signal of the first row (Line1) is read from the pixel unit 220 and the pixel signal is stored in the internal line memory.
While the pixel signals of the second row (Line2) are being read from the pixel unit 220, the pixel signals of the first row (Line1) are encrypted with the key that is the device ID.
While the pixel signal of the third row (Line3) is being read from the pixel section 220, the encrypted pixel signal and pixel address of the first row (Line1) are used as a decryption process as the control device side ISP (Image Signal Processor). To the microcomputer 300.
The microcomputer 300 decrypts the encrypted pixel value of the first row (Line1) with the same key.
 なお、暗号化はライン画素の一部のみに適用でき、画素部の画素アレイ全体に対して行う必要なない。
 バックグラウンド暗号化処理にはより多くの時間がかかるが、1行の読み取り期間中に行う必要はない。
 通常、CMOSイメージセンサ(CIS)は数行のメモリを装備しており、このラインメモリの再利用によって、ラインバイライン暗号化は無視できるほどの小さな回路コストをも実現する。 Note that the encryption can be applied to only a part of the line pixels, and need not be performed for the entire pixel array of the pixel portion.
The background encryption process takes more time, but does not need to be done during the one row read period.
CMOS image sensors (CIS) are usually equipped with several rows of memory, and by reusing this line memory, line-by-line encryption also realizes negligible circuit costs.
 以上のように、本実施形態において、デバイス認証、データ整合性認証、およびデータ暗号化等の情報セキュリティ信号処理を、画像信号処理のブランキング期間の信号処理または行(ライン)ごとの信号処理として実行することから、情報セキュリティのための信号処理の処理時間による画像データフレームレートの低下を防止でき、処理回路による装置コストの増加を防止することが可能となる。 As described above, in the present embodiment, information security signal processing such as device authentication, data integrity authentication, and data encryption is performed as signal processing in the blanking period of image signal processing or signal processing for each row (line). Since the execution is performed, the image data frame rate can be prevented from lowering due to the processing time of the signal processing for information security, and the increase in the device cost due to the processing circuit can be prevented.
 以上、認証システムの処理について説明した。
 以下、固体撮像装置21の各部の構成および機能の概要、特に、画素部220の構成および機能等について説明する。
 その後、本実施形態の固体撮像装置21の特徴的な構成、機能について、固有鍵の生成、並びに固有鍵を含む識別データと画像データの一体化を行ってレスポンスデータを作成する、いわゆる暗号化処理であるレスポンスデータ作成処理等を中心に説明する。 The processing of the authentication system has been described above.
Hereinafter, the outline of the configuration and function of each unit of the solid-state imaging device 21, particularly the configuration and function of the pixel unit 220 will be described.
After that, with regard to the characteristic configuration and function of the solid-state imaging device 21 of the present embodiment, a unique key is generated, and identification data including the unique key is integrated with image data to create response data, so-called encryption processing. The description will be centered on the response data creating process.
(画素並びに画素部220の基本的な構成)
 画素部220は、フォトダイオード(光電変換素子)と画素内アンプとを含む複数の画素がn行×m列の2次元の行列状(マトリクス状)に配列されている。 (Basic configuration of pixel and pixel portion 220)
In the pixel portion 220, a plurality of pixels including a photodiode (photoelectric conversion element) and an in-pixel amplifier are arranged in a two-dimensional matrix of n rows × m columns.
 図12は、本実施形態に係る画素の一例を示す回路図である。 FIG. 12 is a circuit diagram showing an example of a pixel according to this embodiment.
 この画素PXLは、たとえば光電変換素子であるフォトダイオード(PD)を有する。
 そして、このフォトダイオードPDに対して、転送トランジスタTG-Tr、リセットトランジスタRST-Tr、ソースフォロワトランジスタSF-Tr、および選択トランジスタSEL-Trをそれぞれ一つずつ有する。 The pixel PXL has, for example, a photodiode (PD) which is a photoelectric conversion element.
The photodiode PD has one transfer transistor TG-Tr, one reset transistor RST-Tr, one source follower transistor SF-Tr, and one selection transistor SEL-Tr.
 フォトダイオードPDは、入射光量に応じた量の信号電荷(ここでは電子)を発生し、蓄積する。
 以下、信号電荷は電子であり、各トランジスタがn型トランジスタである場合について説明するが、信号電荷がホールであったり、各トランジスタがp型トランジスタであっても構わない。
 また、本実施形態は、後で例示するように、複数のフォトダイオード間で、リセットトランジスタRST-Tr、ソースフォロワトランジスタSF-Tr、および選択トランジスタSEL-Trの各トランジスタを共有している場合にも有効であり、また、選択トランジスタを有していない3トランジスタ(3Tr)画素を採用している場合にも有効である。 The photodiode PD generates and accumulates signal charges (here, electrons) in an amount corresponding to the amount of incident light.
Hereinafter, the case where the signal charge is an electron and each transistor is an n-type transistor will be described, but the signal charge may be a hole or each transistor may be a p-type transistor.
In addition, in the present embodiment, as will be exemplified later, when the reset transistor RST-Tr, the source follower transistor SF-Tr, and the selection transistor SEL-Tr are shared by a plurality of photodiodes, Is also effective, and is also effective when a three-transistor (3Tr) pixel having no selection transistor is adopted.
 転送トランジスタTG-Trは、フォトダイオードPDとフローティングディフュージョンFD(Floating Diffusion;浮遊拡散層)の間に接続され、制御信号TGを通じて制御される。
 転送トランジスタTG-Trは、制御信号TGがハイレベル(H)の期間に選択されて導通状態となり、フォトダイオードPDで光電変換された電子をフローティングディフュージョンFDに転送する。 The transfer transistor TG-Tr is connected between the photodiode PD and the floating diffusion FD (Floating Diffusion) and is controlled by the control signal TG.
The transfer transistor TG-Tr is selected when the control signal TG is at the high level (H) and becomes conductive, and transfers the electrons photoelectrically converted by the photodiode PD to the floating diffusion FD.
 リセットトランジスタRST-Trは、電源線VRstとフローティングディフュージョンFDの間に接続され、制御信号RSTを通じて制御される。
 なお、リセットトランジスタRST-Trは、電源線VDDとフローティングディフュージョンFDの間に接続され、制御信号RSTを通じて制御されるように構成してもよい。
 リセットトランジスタRST-Trは、制御信号RSTがHレベルの期間に選択されて導通状態となり、フローティングディフュージョンFDを電源線VRst(またはVDD)の電位にリセットする。 The reset transistor RST-Tr is connected between the power supply line VRst and the floating diffusion FD and controlled by the control signal RST.
The reset transistor RST-Tr may be connected between the power supply line VDD and the floating diffusion FD and controlled by the control signal RST.
The reset transistor RST-Tr is selected and rendered conductive while the control signal RST is at the H level, and resets the floating diffusion FD to the potential of the power supply line VRst (or VDD).
 ソースフォロワトランジスタSF-Trと選択トランジスタSEL-Trは、電源線VDDと垂直信号線LSGNの間に直列に接続されている。
 ソースフォロワトランジスタSF-TrのゲートにはフローティングディフュージョンFDが接続され、選択トランジスタSEL-Trは制御信号SELを通じて制御される。
 選択トランジスタSEL-Trは、制御信号SELがHの期間に選択されて導通状態となる。これにより、ソースフォロワトランジスタSF-TrはフローティングディフュージョンFDの電位に応じた列出力アナログ信号VSLを垂直信号線LSGNに出力する。
 これらの動作は、たとえば転送トランジスタTG-Tr、リセットトランジスタRST-Tr、および選択トランジスタSEL-Trの各ゲートが行単位で接続されていることから、1行分の各画素について同時並列的に行われる。 The source follower transistor SF-Tr and the selection transistor SEL-Tr are connected in series between the power supply line VDD and the vertical signal line LSGN.
A floating diffusion FD is connected to the gate of the source follower transistor SF-Tr, and the selection transistor SEL-Tr is controlled by the control signal SEL.
The selection transistor SEL-Tr is selected to be conductive when the control signal SEL is H. As a result, the source follower transistor SF-Tr outputs the column output analog signal VSL corresponding to the potential of the floating diffusion FD to the vertical signal line LSGN.
These operations are performed at the same time in parallel for each pixel for one row because, for example, the gates of the transfer transistor TG-Tr, the reset transistor RST-Tr, and the selection transistor SEL-Tr are connected in a row unit. Be seen.
 画素部220には、画素PXLがn行×m列配置されているので、各制御信号SEL,RST,TG用の制御線はそれぞれn本、垂直信号線LSGNはm本ある。
 図6においては、各制御信号SEL、RST、TGを1本の行走査制御線として表している。 Since the pixels PXL are arranged in n rows × m columns in the pixel section 220, there are n control lines for each control signal SEL, RST, and TG, and m vertical signal lines LSGN.
In FIG. 6, each control signal SEL, RST, TG is shown as one row scanning control line.
 垂直走査回路230は、タイミング制御回路260の制御に応じてシャッター行および読み出し行において行走査制御線を通して画素の駆動を行う。
 また、垂直走査回路230は、アドレス信号に従い、信号の読み出しを行うリード行と、フォトダイオードPDに蓄積された電荷をリセットするシャッター行の行アドレスの行選択信号を出力する。 The vertical scanning circuit 230 drives the pixels through the row scanning control lines in the shutter row and the reading row under the control of the timing control circuit 260.
Further, the vertical scanning circuit 230 outputs a row selection signal of a row address of a read row for reading out a signal and a shutter row for resetting charges accumulated in the photodiode PD according to the address signal.
 読み出し回路240は、画素部220の各列出力に対応して配置された複数の列(カラム)信号処理回路(図示せず)を含み、複数の列信号処理回路で列並列処理が可能に構成されてもよい。 The readout circuit 240 includes a plurality of column signal processing circuits (not shown) arranged corresponding to each column output of the pixel section 220, and is configured such that column parallel processing can be performed by the plurality of column signal processing circuits. May be done.
 読み出し回路240は、相関二重サンプリング(CDS:Correlated Double Sampling)回路やADC(アナログデジタルコンバータ;AD変換器)、アンプ(AMP,増幅器)、サンプルホールド(S/H)回路等を含んで構成可能である。 The readout circuit 240 can be configured to include a correlated double sampling (CDS: Correlated Double Sampling) circuit, an ADC (analog-digital converter; AD converter), an amplifier (AMP, amplifier), a sample hold (S / H) circuit, and the like. Is.
 このように、読み出し回路240は、たとえば図13(A)に示すように、画素部220の各列出力アナログ信号VSLをデジタル信号に変換するADC241を含んで構成されてもよい。
 あるいは、読み出し回路240は、たとえば図13(B)に示すように、画素部220の各列出力アナログ信号VSLを増幅するアンプ(AMP)242が配置されてもよい。
 また、読み出し回路240は、たとえば図13(C)に示すように、画素部220の各列出力アナログ信号VSLをサンプル、ホールドするサンプルホールド(S/H)回路243が配置されてもよい。
 また、読み出し回路240は、画素部220の各列から出力される画素信号に対して所定の処理が施された信号を記憶するカラムメモリとしてのSRAMが配置されてもよい。 As described above, the readout circuit 240 may be configured to include the ADC 241 that converts each column output analog signal VSL of the pixel section 220 into a digital signal, as shown in FIG. 13A, for example.
Alternatively, the readout circuit 240 may be provided with an amplifier (AMP) 242 that amplifies the column output analog signal VSL of the pixel section 220, as shown in FIG. 13B, for example.
In addition, the read circuit 240 may be provided with a sample hold (S / H) circuit 243 that samples and holds each column output analog signal VSL of the pixel section 220, as shown in FIG. 13C, for example.
Further, the read circuit 240 may be provided with an SRAM as a column memory that stores a signal obtained by performing a predetermined process on a pixel signal output from each column of the pixel unit 220.
 水平走査回路250は、読み出し回路240のADC等の複数の列信号処理回路で処理された信号を走査して水平方向に転送し、信号処理回路270に出力する。 The horizontal scanning circuit 250 scans the signals processed by a plurality of column signal processing circuits such as the ADC of the reading circuit 240, transfers the signals in the horizontal direction, and outputs the signals to the signal processing circuit 270.
 タイミング制御回路260は、画素部220、垂直走査回路230、読み出し回路240、水平走査回路250等の信号処理に必要なタイミング信号を生成する。 The timing control circuit 260 generates a timing signal required for signal processing of the pixel section 220, the vertical scanning circuit 230, the reading circuit 240, the horizontal scanning circuit 250, and the like.
 信号処理回路270は、通常読み出しモードMDUのときには、読み出し回路240により読み出され所定の処理が施された読み出し信号に対する所定の信号処理により2次元画像データを生成する。 In the normal read mode MDU, the signal processing circuit 270 generates two-dimensional image data by performing predetermined signal processing on the read signal read by the read circuit 240 and subjected to predetermined processing.
 上述したように、固体撮像装置(CMOSイメージセンサ)では、わずかな光で光電変換により発生した電子を、微小容量で電圧に変換し、さらに微小面積のソースフォロワトランジスタSF-Trを用いて、出力している。そのため、容量をリセットする際に発生するノイズやトランジスタの素子ばらつきなどの微小なノイズを除去する必要があり、画素毎のリセットレベル(VRST)と輝度レベル(信号レベル:VSIG)の差分を出力している。
 このように、CMOSイメージセンサでは、画素毎のリセットレベルと輝度レベルの差分を出力することで、リセットノイズと閾値ばらつきを除去し、数電子の信号を検出することができる。この差分を検出する動作は、CDS(相関二重サンプリング)と呼ばれ、広く用いられている技術であり、アレイ状に配置された全て画素に対して、CDS読出しを順次行い、1フレーム分の通常の2次元画像データを出力する。 As described above, in the solid-state imaging device (CMOS image sensor), electrons generated by photoelectric conversion with a slight amount of light are converted into a voltage with a minute capacitance, and further output using a source follower transistor SF-Tr having a minute area. is doing. Therefore, it is necessary to remove minute noise such as noise generated when resetting the capacitance and variations in transistor elements, and the difference between the reset level (VRST) and the brightness level (signal level: VSIG) of each pixel is output. ing.
As described above, in the CMOS image sensor, by outputting the difference between the reset level and the brightness level for each pixel, the reset noise and the threshold variation can be removed, and a signal of several electrons can be detected. The operation of detecting this difference is called CDS (correlated double sampling) and is a widely used technique. CDS reading is sequentially performed on all pixels arranged in an array, and one frame worth of data is read out. Normal 2D image data is output.
 本実施形態の固体撮像装置21では、この通常の2次元画像データを生成するための動作は、通常動作モードMDUで動作可能に構成されている。 In the solid-state imaging device 21 of the present embodiment, the operation for generating this normal two-dimensional image data is configured to be operable in the normal operation mode MDU.
 ただし、本実施形態における信号処理回路270においては、画像の無断使用や改ざん、ねつ造等が行われてしまうことを防止するために、固体撮像装置21の固有のばらつき情報(画素、読み出し回路のばらつき情報)から固有鍵を生成し、固有鍵と固体撮像装置21から得られる取得データを組み合わせて識別データを生成し、この識別データを画像データに一体化してレスポンスデータRPDとして出力し、固有鍵に関する情報を認識していない場合には識別データを正しく作成できないように構成されている。 However, in the signal processing circuit 270 according to the present embodiment, in order to prevent unauthorized use, falsification, and fabrication of an image, the variation information specific to the solid-state imaging device 21 (variation in pixel and readout circuit). Information), a unique key is generated, and the unique key and the acquired data obtained from the solid-state imaging device 21 are combined to generate identification data. The identification data is integrated with the image data and output as response data RPD. The identification data cannot be created correctly when the information is not recognized.
 本実施形態の固体撮像装置21では、この固有鍵の生成に関する動作は、レスポンス作成モードMDR(PUFモード、セキュリティモード)で動作可能に構成されている。 In the solid-state imaging device 21 of this embodiment, the operation related to the generation of the unique key is configured to be operable in the response creation mode MDR (PUF mode, security mode).
 本実施形態のレスポンス作成モードMDRにおいては、周辺輝度に依存しない、チップ毎に固有な画素ばらつきパターン(ばらつき情報)を固有IDとして出力する。
 このように、本実施形態のレスポンス作成モードMDRにおいては、画素毎のばらつきパターンのみを出力する。輝度レベルを出力しないため、イメージセンサの露光条件に依存しないパターン画像を出力することができる。また、各画素の出力には、FPNとフレーム毎にランダムに変動する熱雑音が含まれるが、レスポンス作成モードMDRにおけるFPNは熱雑音に対して10倍以上大きいため、安定した固定ばらつきパターンをレスポンスデータRPDとして出力することができる。 In the response creation mode MDR of the present embodiment, a pixel variation pattern (variation information) unique to each chip that does not depend on peripheral brightness is output as a unique ID.
As described above, in the response creation mode MDR of the present embodiment, only the variation pattern for each pixel is output. Since the brightness level is not output, it is possible to output a pattern image that does not depend on the exposure condition of the image sensor. The output of each pixel includes FPN and thermal noise that fluctuates randomly for each frame. However, since the FPN in the response creation mode MDR is 10 times or more larger than the thermal noise, a stable fixed variation pattern is returned. It can be output as data RPD.
 本実施形態のレスポンス作成モードMDRにおいては、固有鍵の生成に際し、画素のばらつき情報および読み出し部のばらつき情報の少なくともいずれかに関連付けて固有鍵を含むレスポンスデータを生成する。 In the response creation mode MDR of this embodiment, when generating the unique key, the response data including the unique key is generated in association with at least one of the pixel variation information and the reading unit variation information.
 以上、固体撮像装置21の各部の構成および機能の概要、特に、画素部220の基本的な構成および機能等について説明した。
 以下、本実施形態の固体撮像装置21の特徴的な構成、機能について、固有鍵の生成、並びに固有鍵を含む識別データと画像データの一体化を行ってレスポンスデータを作成する、いわゆる暗号化処理であるレスポンスデータ作成処理を中心に説明する。 The outline of the configuration and function of each unit of the solid-state imaging device 21, particularly the basic configuration and function of the pixel unit 220, has been described above.
Hereinafter, with regard to the characteristic configuration and function of the solid-state imaging device 21 of the present embodiment, a so-called encryption process in which a unique key is generated and response data is created by integrating identification data including the unique key and image data The response data creation process will be mainly described.
 図14は、本実施形態に係る暗号化処理系であるレスポンスデータ作成の全体的な概要を示すブロック図である。 FIG. 14 is a block diagram showing an overall outline of response data creation which is the encryption processing system according to the present embodiment.
 図14の暗号化処理系であるレスポンスデータ作成部280は、情報取得部281、鍵生成部282、画像データ生成部283、識別データ生成部284、一体化部285、およびメモリ286を主構成要素として有している。
 なお、図14の例では情報取得部281と鍵生成部282が別の機能ブロックとして構成されているが、情報取得部281と鍵生成部282を一つの機能ブロックとして構成することも可能である。 The response data creation unit 280, which is the encryption processing system in FIG. 14, includes an information acquisition unit 281, a key generation unit 282, an image data generation unit 283, an identification data generation unit 284, an integration unit 285, and a memory 286 as main components. Have as.
Although the information acquisition unit 281 and the key generation unit 282 are configured as separate functional blocks in the example of FIG. 14, the information acquisition unit 281 and the key generation unit 282 can be configured as one functional block. ..
 情報取得部281は、画素PXLのばらつき情報PFLCおよび読み出し回路240の構成回路のばらつき情報CFLCの少なくともいずれかを取得し、取得したばらつき情報を鍵生成部282に供給する。 The information acquisition unit 281 acquires at least one of the variation information PFLC of the pixel PXL and the variation information CFLC of the constituent circuits of the readout circuit 240, and supplies the obtained variation information to the key generation unit 282.
 ここで、一例として画素PXLのばらつき情報PFLCについての概略を説明する。 Here, an outline of the variation information PFLC of the pixel PXL will be described as an example.
(ソースフォロワトランジスタSFのしきい値)
 情報取得部281は、画素のばらつき情報としてソースフォロワトランジスタSFのしきい値VTHのばらつき情報を採用することができる。 (Threshold value of the source follower transistor SF)
The information acquisition unit 281 can employ the variation information of the threshold value VTH of the source follower transistor SF as the variation information of the pixel.
 図15(A)~図15(E)は、画素のばらつき情報としてソースフォロワトランジスタSFのしきい値VTHのばらつき情報を採用した場合の通常動作モードとレスポンス作成モードにおける要部の動作波形等を示す図である。
 図15(A)が画素PXLの読み出し系の回路図を、図15(B)が通常動作モードMDU時の動作波形を、図15(C)がレスポンス作成モードMDRの動作波形を、図15(D)がばらつき情報を二値化した鍵パターンイメージを示し、図15(E)が出力信号と画素数としきい値VTHとの関係を示している。
 図15(A)の画素PXLの読み出し系においては、垂直信号線LSGNにCDS回路244がスイッチSW0の一端子を介して接続されている。スイッチSW0の他端子は基準電圧Vrefの供給ラインに接続されている。 FIGS. 15A to 15E show operation waveforms of main parts in the normal operation mode and the response creation mode when the variation information of the threshold value VTH of the source follower transistor SF is adopted as the variation information of pixels. FIG.
15A is a circuit diagram of the readout system of the pixel PXL, FIG. 15B is an operation waveform in the normal operation mode MDU, FIG. 15C is an operation waveform in the response creation mode MDR, and FIG. D) shows a key pattern image in which the variation information is binarized, and FIG. 15E shows the relationship between the output signal, the number of pixels, and the threshold value VTH.
In the readout system of the pixel PXL in FIG. 15A, the CDS circuit 244 is connected to the vertical signal line LSGN via one terminal of the switch SW0. The other terminal of the switch SW0 is connected to the supply line of the reference voltage Vref.
 通常動作モードMDUにおいては、図15(B)に示すように、差分信号を画素の出力信号として用いることで、各画素PXLが備えるソースフォロワトランジスタSFのしきい値のばらつきを除去している。 In the normal operation mode MDU, as shown in FIG. 15 (B), the difference signal is used as the output signal of the pixel to eliminate the variation in the threshold value of the source follower transistor SF included in each pixel PXL.
 レスポンス作成モードMDRにおいては、図15(C)に示すように、時刻t1に後段回路は基準電圧レベル(Vref)、時刻t2に後段回路は画素のリセット電圧レベルを取り込む。
 これらの信号の差分を読み出すことで、各画素PXLのリセット電圧のばらつきを取り出すことができる。
 本例では、このばらつき分布を鍵として用いる。
 上記ばらつきは100mV程度なので、アンプ等で増幅しても良い。 In the response creation mode MDR, as shown in FIG. 15C, the rear circuit fetches the reference voltage level (Vref) at time t1 and the pixel reset voltage level at time t2.
By reading the difference between these signals, the variation in the reset voltage of each pixel PXL can be extracted.
In this example, this variation distribution is used as a key.
Since the variation is about 100 mV, it may be amplified by an amplifier or the like.
 鍵生成部282(図14)は、情報取得部281により取得され供給される画素のばらつき情報および読み出し回路240のばらつき情報の少なくともいずれかを用いて固有鍵を生成する。
 鍵生成部282は、生成した固有鍵KYを識別データ生成部284に供給する。
 鍵生成部282は、たとえば画素部220の有効画素の読み出し時以外の期間(たとえばブランキング期間)に固有鍵KYの生成を行う。 The key generation unit 282 (FIG. 14) generates a unique key using at least one of the pixel variation information acquired and supplied by the information acquisition unit 281 and the variation information of the readout circuit 240.
The key generation unit 282 supplies the generated unique key KY to the identification data generation unit 284.
The key generation unit 282 generates the unique key KY, for example, during a period (for example, a blanking period) other than when valid pixels of the pixel unit 220 are read.
 図14の画像データ生成部283は、通常読み出しモードで読み出し回路240を通して読み出され所定の処理が施された読み出し信号に対する所定の信号処理により、画像データIMGを生成する。
 画像データ生成部283は、生成した画像データIMGを一体化部285に供給する。 The image data generation unit 283 in FIG. 14 generates the image data IMG by performing predetermined signal processing on the read signal read through the read circuit 240 and subjected to predetermined processing in the normal read mode.
The image data generation unit 283 supplies the generated image data IMG to the integration unit 285.
 画像データ生成部283は、固体撮像装置21から取得した取得データAQDを識別データ生成部284に供給する。
 ここで、取得データAQDは、画像データの全体または一部である。 The image data generation unit 283 supplies the acquisition data AQD acquired from the solid-state imaging device 21 to the identification data generation unit 284.
Here, the acquired data AQD is the whole or a part of the image data.
 識別データ生成部284は、鍵生成部282で生成された固有鍵KYと、本固体撮像装置21で取得した取得データAQDを組み合わせて識別データDSCDを生成する。
 識別データ生成部284は、生成した識別データDSCDを一体化部285に供給する。 The identification data generation unit 284 combines the unique key KY generated by the key generation unit 282 and the acquisition data AQD acquired by the solid-state imaging device 21 to generate the identification data DSCD.
The identification data generation unit 284 supplies the generated identification data DSCD to the integration unit 285.
 前述したように、本実施形態に係る固体撮像装置21は、センサのデバイス認証と画像データの改ざんを防止する対策として、CMOSイメージセンサにおける画素ばらつきからPUFの固有IDを生成するCMOSイメージセンサPUF(CIS-PUF)として形成されている。
 次に、PUFのレスポンス(以下、PUFレスポンスという場合もある)を生成する際に、画素のばらつき情報および読み出し部のばらつき情報のうちの少なくともいずれか一方に関連付けて固有鍵を含むレスポンスデータを生成することが可能なCIS-PUFの好適な構成例について説明する。
 その後、本実施形態の固体撮像装置21の特徴的な構成、機能について、固有鍵の生成、並びに固有鍵を含む識別データと画像データの一体化を行ってレスポンスデータを作成する、いわゆる暗号化処理であるレスポンスデータ作成処理等を中心に説明する。 As described above, the solid-state imaging device 21 according to the present embodiment, as a measure for preventing device authentication of the sensor and tampering with the image data, generates a unique ID of the PUF from the pixel variation in the CMOS image sensor. CIS-PUF).
Next, when a PUF response (hereinafter, also referred to as a PUF response) is generated, response data including a unique key is generated in association with at least one of pixel variation information and readout unit variation information. A preferred configuration example of the CIS-PUF capable of performing will be described.
After that, with regard to the characteristic configuration and function of the solid-state imaging device 21 of the present embodiment, so-called encryption processing in which a unique key is generated, and identification data including the unique key and image data are integrated to create response data. The description will be centered on the response data creating process.
 図16は、CMOSイメージセンサPUF (CIS-PUF)の要部を形成するばらつき情報を取得するのに好適な情報取得部を含む、本実施形態に係る画素部および列毎に配置された列読出し回路の概要を示す図である。 FIG. 16 shows a pixel unit according to the present embodiment and a column readout arranged for each column, which includes an information acquisition unit suitable for acquiring variation information forming a main part of a CMOS image sensor PUF (CIS-PUF). It is a figure which shows the outline of a circuit.
 図16の画素部220Aおよび列(カラム)読出し回路240は、ばらつき信号の再現性を高め、ばらつきパターンのユニーク性を改善するために、垂直(図では上下)の2画素間で大小判定(引き算等)して2値化を行うことが可能となるように構成されている。 The pixel unit 220A and the column readout circuit 240 of FIG. 16 determine the size (subtraction) between two vertical pixels (upper and lower in the figure) in order to improve the reproducibility of the variation signal and improve the uniqueness of the variation pattern. Etc.) and binarization can be performed.
 図16の画素部220Aは、一つのフローティングディフュージョンFD、一つのソースフォロワ素子としてのソースフォロワトランジスタSF-Tr、一つのリセット素子としてのリセットトランジスタRST-Tr、および一つの選択素子としての選択トランジスタSEL-Trを、複数(本例では2)の光電変換素子であるフォトダイオードPD1、PD2および転送素子としての転送トランジスタTG-Tr1,TG-Tr2で共有する画素共有構造を有する。 The pixel portion 220A of FIG. 16 includes one floating diffusion FD, one source follower transistor SF-Tr as one source follower element, a reset transistor RST-Tr as one reset element, and a selection transistor SEL as one selection element. -Tr has a pixel sharing structure in which a plurality of (two in this example) photoelectric conversion elements photodiodes PD1 and PD2 and transfer transistors TG-Tr1 and TG-Tr2 as transfer elements are shared.
 すなわち、図16のCMOSイメージセンサの画素PXLAは、フォトダイオードPD1およびPD2、転送クロックである制御信号TG1およびTG2で駆動する転送トランジスタTG-Tr1,TG-Tr2、リセットクロックである制御信号RSTで駆動するリセットトランジスタRST-Tr、ソースフォロワ(SF)トランジスタSF-Tr、選択クロックである制御信号SELで駆動する選択トランジスタSEL-Trにより構成されている。
 ここで、2個のフォトダイオードPD1,PD2がリセットトランジスタRST-Tr、ソースフォロワ(SF)トランジスタSF-Tr、選択トランジスタSEL-Trを共有している。
 これは、近年の微細な画素に対して広く用いられる方式であり、各トランジスタをPD間で共有することにより、PDの面積を所定の素サイズに対して大きくとり、光電変換可能な領域を広げることで、入射光に対する検出感度を高めている。 That is, the pixel PXLA of the CMOS image sensor of FIG. 16 is driven by the photodiodes PD1 and PD2, the transfer transistors TG-Tr1 and TG-Tr2 driven by the control signals TG1 and TG2 which are transfer clocks, and the control signal RST which is a reset clock. The reset transistor RST-Tr, a source follower (SF) transistor SF-Tr, and a selection transistor SEL-Tr driven by a control signal SEL which is a selection clock.
Here, the two photodiodes PD1 and PD2 share the reset transistor RST-Tr, the source follower (SF) transistor SF-Tr, and the selection transistor SEL-Tr.
This is a method widely used for fine pixels in recent years, and by sharing each transistor among PDs, the area of the PD is made larger than a predetermined prime size, and the photoelectrically convertible region is expanded. Therefore, the detection sensitivity to incident light is increased.
 選択トランジスタSEL-Trがオンした画素では、電源電圧Vddの電源線VDD、ソースフォロワ(SF)トランジスタSF-Tr、電流源Idが直列となり、ソースフォロワ回路を構成する。
 このソースフォロワ回路により、フローティングディフュージョンFDの電圧が読み出し回路240のAMP242を介してADC241に入力されて、デジタル変換され、図示しないインターフェス回路に出力される。
 また、クリップ回路245が画素アレイ端に配置され、クリップクロックである制御信号CLIPによって駆動するクリップゲートCGおよびダイオード接続トランジスタM0は、画素アレイ端に配置され、画素出力電圧振幅を制限することで、安定的に動作させるために用いられる。 In the pixel in which the selection transistor SEL-Tr is turned on, the power supply line VDD of the power supply voltage Vdd, the source follower (SF) transistor SF-Tr, and the current source Id are connected in series to form a source follower circuit.
With this source follower circuit, the voltage of the floating diffusion FD is input to the ADC 241 via the AMP 242 of the read circuit 240, converted into a digital signal, and output to an interface circuit (not shown).
Further, the clip circuit 245 is arranged at the pixel array end, and the clip gate CG and the diode connection transistor M0 driven by the control signal CLIP which is the clip clock are arranged at the pixel array end, and by limiting the pixel output voltage amplitude, Used for stable operation.
(図16のCIS-PUFの概要)
 ここで、図16のCIS-PUFの概要について説明する。
 CIS-PUFは、CMOSイメージセンサの画素毎の特性ばらつきを利用してデバイスごとに固有のPUFレスポンス(画素のばらつき情報)を生成する。前述したように、特性ばらつきには固定した位置に生じる固定パターンノイズ(FPN:Fixed Pattern Noise)や画素等の位置に関係なくランダムに生じるランダムノイズがある。
 CMOSイメージセンサは、通常動作モードMDUにおいては、これら特性ばらつきを除去するために,画素毎にリセット電位(VRST)と信号電位(VSIG)の差分を取るCDS(相関二重サンプリング:Correlated Double Sampling)を行っている。 (Outline of CIS-PUF in FIG. 16)
Here, an outline of the CIS-PUF of FIG. 16 will be described.
The CIS-PUF generates a PUF response (pixel variation information) unique to each device by utilizing the characteristic variation of each pixel of the CMOS image sensor. As described above, the characteristic variation includes fixed pattern noise (FPN: Fixed Pattern Noise) generated at a fixed position and random noise randomly generated regardless of the positions of pixels and the like.
In the normal operation mode MDU, the CMOS image sensor has a CDS (Correlated Double Sampling) which takes a difference between a reset potential (VRST) and a signal potential (VSIG) for each pixel in order to eliminate these characteristic variations. It is carried out.
 一方でCIS-PUFは、PUFレスポンスを生成する目的でばらつき情報を得るために、CDSを動作させない信号読み出しモードであるレスポンス作成モード(PUFモード)MDRを持つ。このPUFモードにより画素ばらつきが支配的となる出力を得ることができる。 On the other hand, the CIS-PUF has a response creation mode (PUF mode) MDR that is a signal read mode that does not operate the CDS in order to obtain variation information for the purpose of generating a PUF response. This PUF mode makes it possible to obtain an output in which pixel variations are dominant.
 図16のCIS-PUFとしての固体撮像装置(CMOSイメージセンサ)21Aは、画素数1,920×1,080(フルHD)のアレイ構造を有している。
 この固体撮像装置(CMOSイメージセンサ)21Aは、垂直方向(図では上下)に隣接した2画素でソースフォロワトランジスタSF-Trを共有しており、ソースフォロワトランジスタSF-Trの数は1,920×540である。 A solid-state image pickup device (CMOS image sensor) 21A as a CIS-PUF in FIG. 16 has an array structure of 1,920 × 1,080 (full HD) pixels.
This solid-state imaging device (CMOS image sensor) 21A shares a source follower transistor SF-Tr with two pixels adjacent in the vertical direction (upper and lower in the figure), and the number of source follower transistors SF-Tr is 1,920 × 540. is there.
 PUFモードでは、列毎に存在するクリップ回路245から得られる電位を基準電位とし、各画素のリセット電位と差分を取ることで、画素毎のばらつきを抽出している。
 PUFモードでは、最初に列ごとに配置されているクリップ回路244を選択する。このとき、ダイオード接続されたトランジスタM0のゲート電圧はVDDであり、アンプ242を介して電源電圧からオフセット電圧分シフトした電圧がADC241に保持される。次に、対象の画素を選択し、リセットトランジスタRST-Trと転送トランジスタTG-Trを同時にオンすることでフォトダイオードPDに蓄積された電荷を排出する。このとき、微小容量であるフローティングディフュージョンFDの電位はVDDとなり、同様に電源電圧からオフセット電圧分降下した電圧がADC241に保持される。
 ADC41ではこれらの電圧の差分を取ることで、画素のソースフォロワトランジスタSF-Trとクリップ回路244のトランジスタCGのオフセットばらつきは、再現性の高い固定パターンノイズであり、これを利用してIDを生成する。 In the PUF mode, the potential obtained from the clip circuit 245 existing in each column is used as a reference potential, and the difference from the reset potential of each pixel is calculated to extract the variation for each pixel.
In the PUF mode, the clip circuit 244 arranged in each column is first selected. At this time, the gate voltage of the diode-connected transistor M0 is VDD, and the voltage shifted by the offset voltage from the power supply voltage is held in the ADC 241 via the amplifier 242. Next, the target pixel is selected, and the reset transistor RST-Tr and the transfer transistor TG-Tr are turned on at the same time to discharge the charge accumulated in the photodiode PD. At this time, the potential of the floating diffusion FD, which is a minute capacitance, becomes VDD, and similarly, the voltage dropped by the offset voltage from the power supply voltage is held in the ADC 241.
In the ADC 41, the difference between these voltages is taken, so that the offset variation between the source follower transistor SF-Tr of the pixel and the transistor CG of the clip circuit 244 is highly reproducible fixed pattern noise, and this is used to generate an ID. To do.
(図16のCIS-PUFにおけるPUFレスポンスの生成)
 次に、図16のCIS-PUFにおけるPUFレスポンスの生成の概要について説明する。
 図17は、図16のCIS-PUFの画素ばらつきを利用したPUFレスポンス生成の様子を示す図である。 (Generation of PUF response in CIS-PUF of FIG. 16)
Next, an outline of generation of a PUF response in the CIS-PUF of FIG. 16 will be described.
FIG. 17 is a diagram showing a state of PUF response generation using the pixel variation of the CIS-PUF of FIG.
 CIS-PUFの画素ばらつきを利用したPUFレスポンス生成は、垂直方向(上下)に隣接した2つのソースフォロワトランジスタSF-Trの出力値(LSB値)を大小比較し、1/0データを生成する。
 図17の例では、上下の出力値を大小比較し、上側の出力値が下側の出力値より大きい場合(上>下)「1」、上側の出力値が下側の出力値より小さい場合(上<下)「0」とする。 The PUF response generation using the pixel variation of the CIS-PUF compares the output values (LSB values) of two source follower transistors SF-Tr adjacent in the vertical direction (up and down) to generate 1/0 data.
In the example of FIG. 17, the upper and lower output values are compared in magnitude, and when the upper output value is larger than the lower output value (upper> lower) “1”, the upper output value is smaller than the lower output value (Upper <Lower) Set to "0".
 この例では、上述したように、ソースフォロワトランジスタSF-Trが上下2画素で共有されている。そのため、まず上下に隣接した出力の平均を取ることで1つのソースフォロワトランジスタSF-Trにつき1つの出力値をとり、540×1,920の出力のマップを得る。
 さらに上下に隣接した出力を大小比較し270×1,920の1/0データを生成する。
 このように、CIS-PUFは画素のアドレスをチャレンジとし、上記手順で生成した1/0データをレスポンスとするPUFである。 In this example, as described above, the source follower transistor SF-Tr is shared by the upper and lower two pixels. Therefore, first, an output value of one source follower transistor SF-Tr is obtained by averaging the outputs which are vertically adjacent to each other, and a map of the output of 540 × 1,920 is obtained.
Further, the outputs adjacent to each other in the vertical direction are compared in size to generate 1/0 data of 270 × 1,920.
As described above, the CIS-PUF is a PUF in which the pixel address is used as a challenge and the 1/0 data generated in the above procedure is used as a response.
(ユニーク性と再現性の評価)
 次に、ユニーク性と再現性の評価結果について述べる。
 図18は、図16および図17に示すようなレスポンス生成方式によって得られたPUF性能としての再現性とユニーク性を示す図である。 (Evaluation of uniqueness and reproducibility)
Next, the evaluation results of uniqueness and reproducibility will be described.
FIG. 18 is a diagram showing reproducibility and uniqueness as PUF performance obtained by the response generation method shown in FIGS. 16 and 17.
 CIS-PUFの性能評価としてユニーク性と再現性の評価を行った。
 ユニーク性は、2つのチップのIDを比較したときどれだけ異なっているかを示す指標である。ユニーク性は各チップで100枚分の画像を平均化した画像から128ビット長のIDを3,840ブロック作り、異なる2つのチップで生成したID間のHD(ハミングでスタンス)を算出し平均値を求めることで得られる。
 ID長をLとしたとき、ユニーク性のHDの分布の平均はL/2、標準偏差は√L/2が理想値である。 Uniqueness and reproducibility were evaluated as performance evaluation of CIS-PUF.
Uniqueness is an index showing how different the IDs of two chips are when compared. Uniqueness is calculated by averaging 100 images on each chip, making 3,840 blocks of 128-bit length ID, calculating HD (stance in Hamming) between IDs generated by two different chips, and calculating the average value. It can be obtained.
When the ID length is L, the average of the uniqueness HD distribution is L / 2, and the standard deviation is √L / 2, which is an ideal value.
 再現性は,あるチップが生成するIDがどの程度の安定性をもつのかを示す指標であり、各チップで100枚分の画像を平均化した画像から128ビット長のIDを3,840ブロック作り、これを基準として、基準IDと100枚それぞれの画像から作ったIDとのHDを算出し平均値を求めることで得られる。
 PUFの出力を認証に使う場合、IDが安定して出力されることが求められる。そのため再現性のHDは0付近に多く分布していることが理想である。 Reproducibility is an index that shows how stable an ID generated by a certain chip is, and makes 3,840 blocks of 128-bit length ID from an image obtained by averaging 100 images for each chip. It is obtained by calculating the HD of the reference ID and the ID made from each of the 100 images, and obtaining the average value.
When the output of the PUF is used for authentication, it is required that the ID be stably output. Therefore, the reproducible HD is ideally distributed in the vicinity of 0.
 図18は、用意した5つのチップについて、ID長を128ビットとして評価を行ったときのユニーク性と再現性の分布を示している。
 ユニーク性のHDは平均値μ=63.9,標準偏差σ=5.66であり、ほぼ理想値(μ=64,σ=5.66)となっている。再現性のHDは平均値μ=1.49,標準偏差σ=1.21であり、CIS-PUFで生成したIDが高い再現性を持つことを示している。 FIG. 18 shows the distribution of uniqueness and reproducibility when the five chips prepared were evaluated with an ID length of 128 bits.
The uniqueness HD has an average value μ = 63.9 and a standard deviation σ = 5.66, which are almost ideal values (μ = 64, σ = 5.66). The reproducibility HD has an average value μ = 1.49 and a standard deviation σ = 1.21, which indicates that the ID generated by CIS-PUF has high reproducibility.
(FPRとFNRによる認証評価)
 次に、FPRとFNRによる認証評価した結果について述べる。 (Authentication evaluation by FPR and FNR)
Next, the result of authentication evaluation based on FPR and FNR will be described.
 前述したように、PUFを用いたCR認証では、あらかじめマイコン300側に登録しておいたIDとPUFが生成したIDが一致しているかを検証することで認証を行う。
 しかし、上述の再現性の評価結果からわかるように、PUFは完全に同じIDを毎回出力するわけではなく、いくらかのビット反転が起こる。そのため、認証の際はある程度の誤りを許容する必要がある。 As described above, in the CR authentication using the PUF, the authentication is performed by verifying whether the ID registered in advance on the microcomputer 300 side matches the ID generated by the PUF.
However, as can be seen from the above reproducibility evaluation results, the PUF does not output the exact same ID each time, and some bit inversion occurs. Therefore, it is necessary to allow some errors during authentication.
 ここでは、CIS-PUFを利用したCR認証はどの程度の認証精度を実現できるのか、また何ビットまでの誤りを許容するよう設定すれば良いのかを評価するため、ユニーク性と再現性からFalse Positive Rate(FPR)とFalse Negative Rate(FNR)という2つの指標を導出し評価を行った。
 FPRは偽物を本物と認識する確率を表し、FNRは本物を偽物と認識する確率を表す。認証に用いるID長をL,ユニーク性のHDがMビットとなる確率をPu (M)、再現性のHDがMビットとなる確率をPs (M)とすると、誤り許容ビット(しきい値)をTと設定したときのFNRとFPRは式(1), 式(2)で導出できる。 Here, in order to evaluate how much authentication accuracy can be achieved in CR authentication using CIS-PUF and how many bits of error should be set so as to be allowed to be recognized, uniqueness and reproducibility give false positive results. Two indicators, Rate (FPR) and False Negative Rate (FNR), were derived and evaluated.
FPR represents the probability of recognizing a genuine article as a genuine article, and FNR represents the probability of recognizing a genuine article as a genuine article. If the ID length used for authentication is L, the probability that uniqueness HD is M bits is Pu (M), and the probability that reproducibility HD is M bits is Ps (M), the error tolerable bit (threshold value) When T is set to T, FNR and FPR can be derived by Equations (1) and (2).
Figure JPOXMLDOC01-appb-M000001
 
Figure JPOXMLDOC01-appb-M000001
 
Figure JPOXMLDOC01-appb-M000002
 
Figure JPOXMLDOC01-appb-M000002
 
 図19は、ユニーク性と再現性からもとめたFPRとFNRを示す図である。
 図19において、横軸はしきい値、縦軸はそのときのFPR,FNRの値を表している。 FIG. 19 is a diagram showing FPR and FNR obtained from uniqueness and reproducibility.
In FIG. 19, the horizontal axis represents the threshold value and the vertical axis represents the FPR and FNR values at that time.
 認証を行う際に確保すべき認証精度は、生体認証の認証精度を参考に決定した.現在運用されている生体認証システムでは認証精度が0.1ppm以下とされている。生体認証が対象とするのは人間であり、その総数は75億程度である。これに対して、CIS-PUFを用いたCR認証が対象とするものはセンサであり、その総数は多く見積もって1兆程度と考えられる。
 よって対象物の数の違いを考慮し、FPRとFNRが共に0.001ppm以下を基準とした。たとえば、誤りを許容するビット数を9-29bitの間に設定すると誤り率を0.001ppm以下にできる。 The authentication accuracy that should be secured when performing authentication was determined by referring to the authentication accuracy of biometric authentication. The biometric authentication system currently in use has an authentication accuracy of 0.1 ppm or less. The target of biometric authentication is a human, and the total number thereof is about 7.5 billion. On the other hand, what is targeted for CR authentication using CIS-PUF is a sensor, and the total number thereof is estimated to be about 1 trillion.
Therefore, considering the difference in the number of objects, both FPR and FNR were set to 0.001 ppm or less as a reference. For example, the error rate can be reduced to 0.001 ppm or less by setting the number of error-allowable bits between 9 and 29 bits.
 以上説明したように、カメラシステム10,10Aは、カメラCMRとしての固体撮像装置21が搭載された嚥下可能なカプセル20,20Aと、カプセル20,20Aで捕捉され無線により送信されたビデオデータを受信する受信装置30,30Aと、を有し、カプセル20,20Aは、デバイスIDを受信装置30,30Aに送信するデバイスID回路24を含み、受信装置30,30Aは、少なくともプリセット用に受信したデバイスIDを格納するメモリ32を含む。たとえば、カプセル20,20Aは、嚥下される前に、カメラCMRに電力が供給されると、受信装置30,30AにデバイスIDを少なくとも1回送信する。また、たとえば、カプセル20,20A系光がカメラCMRに曝されると、受信装置30,30AにデバイスID回路24により生成されたデバイスIDを少なくとも1回送信する。
 受信装置30,30Aは、カプセル20,20Aから送信され、受信したデバイスIDを安全なメモリ32に格納する。なお、上述したように、デバイスIDは、カプセル20,20Aが生体内に飲み込まれる(嚥下される)前に事前に設定する必要がある。 As described above, the camera systems 10 and 10A receive the swallowable capsules 20 and 20A in which the solid-state imaging device 21 as the camera CMR is mounted, and the video data captured by the capsules 20 and 20A and wirelessly transmitted. Receiving devices 30 and 30A, the capsules 20 and 20A include a device ID circuit 24 that transmits a device ID to the receiving devices 30 and 30A, and the receiving devices 30 and 30A receive at least the device received for presetting. It includes a memory 32 for storing the ID. For example, the capsule 20, 20A transmits the device ID to the receiving device 30, 30A at least once when the camera CMR is powered before being swallowed. Further, for example, when the capsule C20, 20A system light is exposed to the camera CMR, the device ID generated by the device ID circuit 24 is transmitted at least once to the receiving devices 30, 30A.
The receiving device 30 or 30A stores the device ID received from the capsule 20 or 20A and received in the secure memory 32. As described above, the device ID needs to be set in advance before the capsules 20 and 20A are swallowed (swallowed) in the living body.
 たとえば、カプセル20が生体内にある場合、受信装置30はカプセル20に認証要求を送信する(図3のID request(Challenge))。
 カプセル20は、受信装置30による認証要求に応答して、デバイスID回路24により生成されたデバイスIDを送信する(図3のResponseF2)。
 受信装置30は、受信したデバイスIDとメモリ32にプリセットしてあるデバイスIDとを評価(比較)する。受信装置30は、両IDが同一であれば、カプセル20にビデオデータを送信するよう要求する。
 カプセル20は、受信装置30からの送信要求に応答してカメラCMRで捕捉したビデオデータを受信装置30に送信する。 For example, when the capsule 20 is in the living body, the receiving device 30 transmits an authentication request to the capsule 20 (ID request (Challenge) in FIG. 3).
The capsule 20 transmits the device ID generated by the device ID circuit 24 in response to the authentication request from the receiving device 30 (ResponseF2 in FIG. 3).
The receiving device 30 evaluates (compares) the received device ID with the device ID preset in the memory 32. If both IDs are the same, the receiving device 30 requests the capsule 20 to transmit the video data.
The capsule 20 transmits the video data captured by the camera CMR to the receiving device 30 in response to the transmission request from the receiving device 30.
 また、カプセル20は、デバイスIDに基づいてキーKYを生成するキー生成回路26を備えていて、ビデオデータVDおよび符号化データをキーKYで送信する。
 受信装置30は、ビデオデータおよびキーをメモリ32にプリセットされているデバイスIDに基づいて評価し、ビデオデータの完全性および信頼性を保護する。
 また、カプセル20は、デバイスIDに基づいてキーKYを生成するキー生成回路26を備えていて、暗号化されたビデオデータVDをキーKYで送信する。
 受信装置30は、ビデオデータを保護するために、暗号化されたビデオデータを、メモリ32にプリセットしたデバイスIDに基づくキーで復号化する。 Further, the capsule 20 includes a key generation circuit 26 that generates a key KY based on the device ID, and transmits the video data VD and the encoded data using the key KY.
The receiving device 30 evaluates the video data and the key based on the device ID preset in the memory 32, and protects the integrity and reliability of the video data.
The capsule 20 also includes a key generation circuit 26 that generates a key KY based on the device ID, and transmits the encrypted video data VD with the key KY.
The receiver 30 decrypts the encrypted video data with a key based on the device ID preset in the memory 32 in order to protect the video data.
 このように、本第1の実施形態によれば、生体内カメラシステム10,10Aにおいて、カプセル20と受信装置30側の受信機との間で、デバイス認証の実装、データの完全性と信頼性の保護、データ暗号化、誤ったデータのやりとりの防止を実現することが可能となる。 As described above, according to the first embodiment, in the in- vivo camera systems 10 and 10A, between the capsule 20 and the receiver on the receiving device 30 side, implementation of device authentication, data integrity and reliability are performed. It is possible to realize protection of data, data encryption, and prevention of erroneous data exchange.
 また、本第1の実施形態によれば、レスポンスデータの生成処理、少なくとも、デバイス認証、データ整合性認証、およびデータ暗号化のいずれかであって、画素アドレスをチャレンジ(Challenge)とし、所定の手順で生成したレスポンスデータをレスポンス(Response)とする認証処理を含む情報セキュリティ信号処理を、画像信号処理のブランキング期間の信号処理または行(ライン)ごとの信号処理として実行する。
 これにより、情報セキュリティのための信号処理の処理時間による画像データフレームレートの低下を防止でき、処理回路による装置コストの増加を防止することが可能となる。 Further, according to the first embodiment, in any of response data generation processing, at least device authentication, data integrity authentication, and data encryption, a pixel address is used as a challenge and a predetermined The information security signal processing including the authentication processing in which the response data generated in the procedure is used as a response is executed as the signal processing in the blanking period of the image signal processing or the signal processing for each row (line).
As a result, it is possible to prevent the image data frame rate from decreasing due to the processing time of signal processing for information security, and to prevent an increase in the device cost due to the processing circuit.
 このように、本第1の実施形態によれば、情報セキュリティのための信号処理の処理時間による画像データフレームレートの低下を防止でき、処理回路による装置コストの増加を防止することが可能で、また煩雑な手間を要することなく、認証精度を確保しながらCR認証回数を増大させることが可能となり、秘匿性の高い固有のレスポンスデータを生成することが可能で、ひいては画像の改ざん、ねつ造を確実に防止することが可能となる。 As described above, according to the first embodiment, it is possible to prevent a decrease in the image data frame rate due to the processing time of signal processing for information security, and prevent an increase in the device cost due to the processing circuit. In addition, it is possible to increase the number of CR authentications while ensuring authentication accuracy without requiring complicated work, and it is possible to generate unique response data with high confidentiality, which in turn ensures image tampering and falsification. Can be prevented.
 なお、上記の鍵生成部282は、画素または読み出し回路240のばらつき情報に基づいて固有鍵を生成する例について説明したが、異なるばらつき情報により生成した固有鍵同士の演算を行って最終的な固有鍵を得るように構成することも可能である。
 たとえば、次のように構成することも可能である。 The above-described key generation unit 282 has described the example in which the unique keys are generated based on the variation information of the pixels or the reading circuit 240. However, the unique keys generated by the different variation information are operated to obtain the final unique keys. It can also be configured to obtain the key.
For example, the following configuration is also possible.
 すなわち、鍵生成部282は、たとえば、読み出し回路240のADC241、アンプ(AMP)242、またはS/H回路243のばらつき情報を用いて第1固有鍵を生成する第1機能と、読み出し回路240のカラムメモリ245のSRAMの出力を用いて第2固有鍵を生成する第2機能と、を含み、第1機能により生成された第1固有鍵と、第2機能により生成された第2固有鍵とを演算することにより最終的な固有鍵を生成するように構成することも可能である。 That is, the key generation unit 282 uses, for example, the variation information of the ADC 241, the amplifier (AMP) 242, or the S / H circuit 243 of the read circuit 240 to generate the first unique key, and the read circuit 240. A first unique key generated by the first function, and a second unique key generated by the second function, and a second function of generating a second unique key by using the output of the SRAM of the column memory 245. It is also possible to construct so as to generate the final unique key by calculating.
 この構成は、画素のばらつき情報に関しても同様に適用可能である。 This configuration can be applied to pixel variation information as well.
 なお、一体化部285は、一体化する鍵情報を用いて階層的に画像部分にマスクをする機能を含むように構成してもよい。
 また、一体化部285は、一体化する鍵情報を用いて画像に電子透かしを入れる機能を含むように構成してもよい。 The integration unit 285 may be configured to include a function of hierarchically masking an image portion using the integration key information.
Further, the unifying unit 285 may be configured to include a function of adding a digital watermark to an image using the unifying key information.
 なお、本実施形態において、固体撮像装置21の各構成要素が同一パッケージ内に搭載されている構成を採用可能である。 In this embodiment, it is possible to adopt a configuration in which each component of the solid-state imaging device 21 is mounted in the same package.
 また、イメージセンサと信号処理回路とを備えたSoC(System on Chip)において、鍵および識別データを生成する信号処理をチップ内部にて完結し、チップ外部に固有鍵データを出力することなく、識別データを生成可能な構成を採用可能である。 Also, in a SoC (System on Chip) equipped with an image sensor and a signal processing circuit, signal processing for generating a key and identification data is completed inside the chip, and identification is performed without outputting unique key data to the outside of the chip. A configuration capable of generating data can be adopted.
 また、本実施形態の固体撮像装置21は、前述したように、通常の読出し駆動タイミングとは別に、リーク電流などを長時間蓄積するための駆動タイミングを備えるように構成可能である。また、アナログアンプ、デジタルアンプ、または、ADCのフルスケール電圧を縮小し、リーク電圧の蓄積電圧を強調して出力しても良い。また、複数行あるいは複数フレームのデータを平均化、または加算することで、ランダムノイズ成分を低減しても良い。 Further, as described above, the solid-state imaging device 21 of the present embodiment can be configured to have a drive timing for accumulating a leak current or the like for a long time, in addition to the normal read drive timing. Alternatively, the full-scale voltage of the analog amplifier, digital amplifier, or ADC may be reduced, and the accumulated voltage of the leak voltage may be emphasized and output. Further, the random noise component may be reduced by averaging or adding the data of a plurality of rows or a plurality of frames.
 また、読み出し回路240の構成回路のばらつき情報CFLCについて、情報取得部281は、読み出し回路240の構成回路のばらつき情報CFLCとして、ADCのばらつき情報を採用することができる。
 また、情報取得部281は、読み出し回路240の構成回路のばらつき情報CFLCとして、アンプ(AMP、増幅器)のばらつき情報を採用することができる。
 また、情報取得部281は、読み出し回路240の構成回路のばらつき情報CFLCとして、S/H回路のばらつき情報を採用することができる。
 また、情報取得部281は、読み出し回路240の構成回路のばらつき情報CFLCとして、カラムメモリのSRAMの出力(ばらつき)情報を採用することができる。 Further, regarding the variation information CFLC of the constituent circuits of the read circuit 240, the information acquisition unit 281 can employ the variation information of the ADC as the variation information CFLC of the constituent circuits of the read circuit 240.
Further, the information acquisition unit 281 can employ the variation information of the amplifier (AMP, amplifier) as the variation information CFLC of the constituent circuits of the read circuit 240.
Further, the information acquisition unit 281 can adopt the variation information of the S / H circuit as the variation information CFLC of the constituent circuits of the read circuit 240.
Further, the information acquisition unit 281 can adopt the output (variation) information of the SRAM of the column memory as the variation information CFLC of the constituent circuits of the read circuit 240.
(第2の実施形態)
 図20は、本発明の第2の実施形態に係る生体内カメラシステムの構成例を示すブロック図である。 (Second embodiment)
FIG. 20 is a block diagram showing a configuration example of an in-vivo camera system according to the second embodiment of the present invention.
 本第2の実施形態に係る生体内カメラシステム10Bが、第1の実施形態の生体内カメラシステム10,10Aと異なる点は、以下の通りである。
 本生体内カメラシステム10Bは、電力線通信を用いており、カプセル20Bに電力受信機26が設けられ、受信装置30B側に電力送信機35が設けられている。 The in-vivo camera system 10B according to the second embodiment is different from the in- vivo camera systems 10 and 10A in the first embodiment in the following points.
The in-vivo camera system 10B uses power line communication, the capsule 20B is provided with the power receiver 26, and the receiving device 30B side is provided with the power transmitter 35.
 カプセル20Bは、電力線通信を使用して受信装置30B側の電力送信機35から予め設定した要求を受信すると、受信装置30BにデバイスIDを少なくとも1回送信する。 When the capsule 20B receives a preset request from the power transmitter 35 on the receiving device 30B side using power line communication, the capsule 20B transmits the device ID to the receiving device 30B at least once.
 本第2の実施形態によれば、上述した第1の実施形態の効果と同様の効果を得ることができる。 According to the second embodiment, it is possible to obtain the same effect as the effect of the first embodiment described above.
(第3の実施形態)
 図21は、本発明の第3の実施形態に係る生体内カメラシステムの構成例を示すブロック図である。 (Third Embodiment)
FIG. 21: is a block diagram which shows the structural example of the in-vivo camera system which concerns on the 3rd Embodiment of this invention.
 本第3の実施形態に係る生体内カメラシステム10Cが、第1および第2の実施形態の生体内カメラシステム10,10A,10Bと異なる点は、以下の通りである。
 本第3の実施形態のカメラシステム10Cにおいては、カプセルデータCPDTは、ビデオデータVDのヘッダHDに埋め込まれて、誤ったデータのやりとりを防止することができるように構成されている。
  The in-vivo camera system 10C according to the third embodiment is different from the in- vivo camera systems 10, 10A, 10B of the first and second embodiments in the following points.
In the camera system 10C of the third embodiment, the capsule data CPDT is embedded in the header HD of the video data VD so that erroneous data exchange can be prevented.

Claims (24)

  1.  カメラとしての固体撮像装置が搭載された嚥下可能なカプセルと、
     前記カプセルで捕捉され無線により送信されたビデオデータを受信する受信装置と、を有し、
     前記カプセルは、
      デバイスIDを前記受信装置に送信するデバイスID回路を含み、
     前記受信装置は、
      少なくともプリセット用に受信した前記デバイスIDを格納するメモリを含む
     カメラシステム。     A swallowable capsule equipped with a solid-state imaging device as a camera,
    A receiving device for receiving the video data captured by the capsule and wirelessly transmitted,
    The capsule is
    A device ID circuit for transmitting a device ID to the receiving device,
    The receiving device is
    A camera system including a memory that stores at least the device ID received for presetting.
  2.  前記カプセルは、
      前記カメラに電力が供給されると、前記受信装置に前記デバイスIDを少なくとも1回送信する
     請求項1記載のカメラシステム。     The capsule is
    The camera system according to claim 1, wherein when power is supplied to the camera, the device ID is transmitted to the receiving device at least once.
  3.  前記カプセルは、
      青色系光が前記カメラに曝されると、前記受信装置に前記デバイスIDを少なくとも1回送信する
     請求項1記載のカメラシステム。     The capsule is
    The camera system according to claim 1, wherein when blue-colored light is exposed to the camera, the device ID is transmitted to the receiving device at least once.
  4.  前記カプセルは、
      前記受信装置からプリセットリクエストを受信すると、前記受信装置に前記デバイスIDを少なくとも1回送信する
     請求項1記載のカメラシステム。     The capsule is
    The camera system according to claim 1, wherein when the preset request is received from the receiving device, the device ID is transmitted to the receiving device at least once.
  5.  前記カプセルは、
      無線給電通信を使用して前記受信装置側の電力送信機から予め設定した要求を受信すると、前記受信装置に前記デバイスIDを少なくとも1回送信する
     請求項1記載のカメラシステム。     The capsule is
    The camera system according to claim 1, wherein when a preset request is received from a power transmitter on the receiving device side using wireless power feeding communication, the device ID is transmitted to the receiving device at least once.
  6.  前記カプセルは、
      前記受信装置による認証要求に応答して、前記デバイスID回路により生成されたデバイスIDを送信し、
     前記受信装置は、
      前記認証要求に応答として前記カプセルから送信されたデバイスIDを受信して、受信したデバイスIDと前記メモリにプリセットしてあるデバイスIDとを評価し、両IDが同一であればカプセルから送信されたビデオデータを受信するが、両IDが同一でなければ警告信号を出力する
     請求項1記載のカメラシステム。     The capsule is
    In response to the authentication request by the receiving device, the device ID generated by the device ID circuit is transmitted,
    The receiving device is
    The device ID transmitted from the capsule as a response to the authentication request is received, the received device ID and the device ID preset in the memory are evaluated, and if both IDs are the same, it is transmitted from the capsule. The camera system according to claim 1, wherein the camera system receives a video data but outputs a warning signal if both IDs are not the same.
  7.  前記受信装置は、
      認証を行う場合、前記カプセルに対して認証要求を送信し、当該認証要求に応答して前記カプセルから送信されたデバイスIDを受信して、受信したデバイスIDと前記メモリにプリセットしてあるデバイスIDとを評価し、両IDが同一であれば、カプセルにビデオデータを送信するよう要求し、
     前記カプセルは、
      前記受信装置による認証要求に応答して、前記デバイスID回路により生成されたデバイスIDを送信し、
      前記受信装置からの送信要求に応答してカメラで捕捉したビデオデータを前記受信装置に送信する
     請求項1記載のカメラシステム。     The receiving device is
    When performing authentication, an authentication request is sent to the capsule, the device ID sent from the capsule in response to the authentication request is received, and the received device ID and the device ID preset in the memory are received. If both IDs are the same, request the capsule to send the video data,
    The capsule is
    In response to the authentication request by the receiving device, the device ID generated by the device ID circuit is transmitted,
    The camera system according to claim 1, wherein the video data captured by the camera is transmitted to the receiving device in response to a transmission request from the receiving device.
  8.  前記カプセルは、
      デバイスIDに基づいてキーを生成するキー生成回路を備え、
      データ保護を行う場合、前記受信装置にビデオデータおよび符号化データをキーで送信し、
     前記受信装置は、
      受信したビデオデータおよびキーを前記メモリにプリセットされているデバイスIDに基づいて評価し、ビデオデータの完全性および信頼性を保護する
     請求項1記載のカメラシステム。     The capsule is
    A key generation circuit for generating a key based on the device ID,
    When data protection is performed, video data and encoded data are transmitted to the receiving device by a key,
    The receiving device is
    The camera system according to claim 1, wherein the received video data and the key are evaluated based on a device ID preset in the memory to protect the integrity and reliability of the video data.
  9.  前記カプセルは、
      デバイスIDに基づいてキーを生成するキー生成回路を備え、
      前記受信装置に暗号化されたビデオデータをキーで送信し、
     前記受信装置は、
      ビデオデータを保護するために、受信した暗号化ビデオデータを前記メモリにプリセットされているデバイスIDに基づくキーで復号化する
     請求項1記載のカメラシステム。     The capsule is
    A key generation circuit for generating a key based on the device ID,
    Sending encrypted video data to the receiving device with a key,
    The receiving device is
    The camera system according to claim 1, wherein in order to protect the video data, the received encrypted video data is decrypted with a key based on a device ID preset in the memory.
  10.  前記デバイスID回路は、
      固体撮像装置のヒューズ、送信装置のヒューズ、PUF系回路、または固体撮像装置のPUF系回路により形成される
     請求項1記載のカメラシステム。     The device ID circuit is
    The camera system according to claim 1, which is formed by a fuse of the solid-state imaging device, a fuse of the transmission device, a PUF system circuit, or a PUF system circuit of the solid-state imaging device.
  11.  前記デバイスID回路を形成する固体撮像装置のPUF系回路は、
      光電変換機能を有する複数の画素が行列状に配列された画素部と、
      前記画素部から画素信号の読み出しを行う読み出し部と、
      前記画素のばらつき情報および前記読み出し部のばらつき情報の少なくともいずれかに関連付けてレスポンスデータを生成するレスポスデータ生成部を含み、通常画像を生成する通常動作モードとは異なるセキュリティモードでレスポンスデータの生成処理を含む情報セキュリティ信号処理が可能な信号処理回路と、を有し、
      前記信号処理回路は、
       前記情報セキュリティ信号処理を、画像信号処理のブランキング期間の信号処理または行ごとの信号処理として実行する
     請求項10記載のカメラシステム。     The PUF system circuit of the solid-state imaging device forming the device ID circuit is
    A pixel portion in which a plurality of pixels having a photoelectric conversion function are arranged in a matrix,
    A reading unit for reading a pixel signal from the pixel unit;
    Generating response data in a security mode different from the normal operation mode for generating a normal image, including a response data generation unit for generating response data in association with at least one of the pixel variation information and the readout unit variation information A signal processing circuit capable of information security signal processing including processing,
    The signal processing circuit,
    The camera system according to claim 10, wherein the information security signal processing is executed as signal processing in a blanking period of image signal processing or signal processing for each row.
  12.  前記情報セキュリティ信号処理は、
      少なくとも、デバイス認証、データ整合性認証、およびデータ暗号化のいずれかである
     請求項11記載のカメラシステム。     The information security signal processing is
    The camera system according to claim 11, which is at least one of device authentication, data integrity authentication, and data encryption.
  13.  前記情報セキュリティ信号処理は、
      画素アドレスをチャレンジ(Challenge)とし、所定の手順で生成したレスポンスデータをレスポンス(Response)とする認証処理を含み、
     前記信号処理回路は、
      前記デバイス認証では、
       画素読み出し中に画素のアドレスチャレンジを生成し、
       セキュリティモードにおいて、垂直ブランキング期間中に前記生成したアドレスに従って画素にアクセスし、
       当該垂直ブランキング期間中に画素信号を処理してデバイスIDを取得し、
       前記垂直ブランキング期間中または次の画素読み出し期間中に前記生成したアドレスをチャレンジとして、取得したデバイスIDをレスポンスとして送信する
     請求項12記載のカメラシステム。     The information security signal processing is
    Pixel address as a challenge (Challenge), including the authentication process that makes the response data generated in a predetermined procedure the response (Response),
    The signal processing circuit,
    In the device authentication,
    Generate a pixel address challenge during pixel readout,
    In the security mode, the pixel is accessed according to the generated address during the vertical blanking period,
    During the vertical blanking period, the pixel signal is processed to obtain the device ID,
    The camera system according to claim 12, wherein the generated address is used as a challenge and the acquired device ID is transmitted as a response during the vertical blanking period or the next pixel reading period.
  14.  前記情報セキュリティ信号処理は、
      画素アドレスをチャレンジ(Challenge)とし、所定の手順で生成したレスポンスデータをレスポンス(Response)とする認証処理を含み、
     前記信号処理回路は、
      前記デバイス認証では、
       画素読み出し中に制御装置からの画素のアドレスチャレンジを受信し、
       セキュリティモードにおいて、垂直ブランキング期間中に前記受信したアドレスに従って画素にアクセスし、
       当該垂直ブランキング期間中に画素信号を処理してデバイスIDを取得し、
       前記垂直ブランキング期間中または次の画素読み出し期間中に取得したデバイスIDを前記チャレンジに対するレスポンスとして送信する
     請求項12記載のカメラシステム。     The information security signal processing is
    Pixel address as a challenge (Challenge), including the authentication process that makes the response data generated in a predetermined procedure the response (Response),
    The signal processing circuit,
    In the device authentication,
    Receiving a pixel address challenge from the controller during pixel readout,
    In security mode, access the pixel according to the received address during the vertical blanking period,
    During the vertical blanking period, the pixel signal is processed to obtain the device ID,
    The camera system according to claim 12, wherein the device ID acquired during the vertical blanking period or during the next pixel reading period is transmitted as a response to the challenge.
  15.  前記信号処理回路は、
      前記データ整合性認証では、
       デバイスIDを取得するための画素アドレスを設定し、
       垂直ブランキング期間中にアドレス指定された画素のばらつき情報からデバイスIDを取得し、
       ライン画素信号を読み込み、メッセージ認証符号(MAC)機能により、デバイスIDを固有鍵、ライン画素信号をメッセージとするデータタグを生成し、
       水平ブランキング期間中または垂直ブランキング期間中に、画素アドレス、ライン画素信号、およびデータタグを、整合性認証を行う前記受信装置側に転送する
     請求項12記載のカメラシステム。     The signal processing circuit,
    In the data integrity authentication,
    Set the pixel address to get the device ID,
    The device ID is acquired from the variation information of the pixel addressed during the vertical blanking period,
    A line pixel signal is read, and a message authentication code (MAC) function is used to generate a data tag having a device ID as a unique key and a line pixel signal as a message.
    The camera system according to claim 12, wherein a pixel address, a line pixel signal, and a data tag are transferred to the receiving device side that performs integrity authentication during a horizontal blanking period or a vertical blanking period.
  16.  前記信号処理回路は、
      前記データ暗号化では、
       デバイスIDを取得するための画素アドレスを設定し、
       垂直ブランキング期間中にアドレス指定された画素のばらつき情報からデバイスIDを取得し、
       前記画素部から第1行の画素信号を読み出し、当該画素信号を内部のラインメモリに保存し、
       前記画素部から第2行の画素信号を読み出し中に、前記第1行の画素信号を前記デバイスIDである鍵で暗号化し、
       前記画素部から第3行の画素信号を読み出し中に、暗号化された前記第1行の画素信号および画素アドレスを、暗号解読処理する前記受信装置側に転送する
     請求項12記載のカメラシステム。     The signal processing circuit,
    In the data encryption,
    Set the pixel address to get the device ID,
    The device ID is acquired from the variation information of the pixel addressed during the vertical blanking period,
    Reading the pixel signal of the first row from the pixel section, storing the pixel signal in an internal line memory,
    While reading the pixel signals of the second row from the pixel unit, the pixel signals of the first row are encrypted with the key that is the device ID,
    The camera system according to claim 12, wherein the encrypted pixel signal and pixel address of the first row are transferred to the receiving device side that performs the decryption processing while the pixel signal of the third row is being read from the pixel unit.
  17.  前記画素は、
      蓄積期間に光電変換により生成した電荷を蓄積する光電変換素子と、
      前記光電変換素子に蓄積された電荷を転送期間に転送可能な転送素子と、
      前記転送素子を通じて前記光電変換素子で蓄積された電荷が転送されるフローティングディフュージョンと、
      前記フローティングディフュージョンの電荷を電荷量に応じた利得をもって電圧信号に変換するソースフォロワ素子と、
      前記フローティングディフュージョンを所定電位にリセットするリセット素子と、を含む
     請求項12記載のカメラシステム。     The pixel is
    A photoelectric conversion element that accumulates charges generated by photoelectric conversion in the accumulation period,
    A transfer element capable of transferring the charge accumulated in the photoelectric conversion element during a transfer period,
    A floating diffusion to which the charges accumulated in the photoelectric conversion element are transferred through the transfer element,
    A source follower element for converting the electric charge of the floating diffusion into a voltage signal with a gain according to the amount of electric charge;
    The camera system according to claim 12, further comprising a reset element that resets the floating diffusion to a predetermined potential.
  18.  前記画素部は、
      一つの前記フローティングディフュージョン、一つの前記ソースフォロワ素子、および一つのリセット素子を複数の前記光電変換素子および前記転送素子で共有する画素共有構造を有する
     請求項17記載のカメラシステム。     The pixel portion is
    18. The camera system according to claim 17, further comprising a pixel sharing structure in which one of the floating diffusions, one of the source follower elements, and one of the reset elements are shared by the plurality of photoelectric conversion elements and the transfer elements.
  19.  画素アレイ端に画素出力電圧振幅を制限するクリップ回路が配置されている
     請求項18記載のカメラシステム。     The camera system according to claim 18, wherein a clipping circuit that limits the pixel output voltage amplitude is arranged at the pixel array end.
  20.  カメラとしての固体撮像装置が搭載された嚥下可能なカプセルと、
     前記カプセルで捕捉され無線により送信されたビデオデータを受信する受信装置と、を有するカメラシステムの駆動方法であって、
     前記カプセルが所定のトリガに応答して、前記受信装置に前記デバイスIDを少なくとも1回送信し、
     前記受信装置が、受信した前記デバイスIDをプリセット用としてメモリに格納する
     カメラシステムの駆動方法。     A swallowable capsule equipped with a solid-state imaging device as a camera,
    A driving method of a camera system, comprising: a receiving device that receives video data captured by the capsule and wirelessly transmitted.
    The capsule transmits the device ID to the receiving device at least once in response to a predetermined trigger,
    A driving method of a camera system, wherein the receiving device stores the received device ID in a memory for presetting.
  21.  前記カプセルが、認証要求と、前記デバイスID回路により生成されたデバイスID、続いて、カメラで捕捉したビデオデータを前記受信装置に送信し、
     前記受信装置が、前記カプセルから送信された認証要求とデバイスIDを受信して、前記認証要求に対応して受信したデバイスIDと前記メモリにプリセットしてあるデバイスIDとを評価し、両IDが同一であれば、前記ビデオデータを受信し処理する
     請求項20記載のカメラシステムの駆動方法。     The capsule sends an authentication request, a device ID generated by the device ID circuit, and subsequently video data captured by a camera to the receiving device,
    The receiving device receives the authentication request and the device ID transmitted from the capsule, evaluates the device ID received in response to the authentication request and the device ID preset in the memory, and the both IDs are 21. The method for driving a camera system according to claim 20, wherein, if they are the same, the video data is received and processed.
  22.  前記受信装置が、認証を行う場合、前記カプセルに対して認証要求を送信し、
     前記カプセルが前記受信装置による認証要求に応答して、前記デバイスID回路により生成されたデバイスIDを送信し、
     前記受信装置が、当該認証要求に応答して前記カプセルから送信されたデバイスIDを受信して、受信したデバイスIDと前記メモリにプリセットしてあるデバイスIDとを評価し、両IDが同一であれば、カプセルにビデオデータを送信するよう要求し、
     前記カプセルが、前記受信装置からの送信要求に応答してカメラで捕捉したビデオデータを前記受信装置に送信する
     請求項20記載のカメラシステムの駆動方法。     When the receiving device performs authentication, it sends an authentication request to the capsule,
    The capsule transmits a device ID generated by the device ID circuit in response to an authentication request by the receiving device,
    The receiving device receives the device ID transmitted from the capsule in response to the authentication request, evaluates the received device ID and the device ID preset in the memory, and if both IDs are the same. Request the capsule to send video data,
    The driving method for a camera system according to claim 20, wherein the capsule transmits video data captured by a camera to the receiving device in response to a transmission request from the receiving device.
  23.  データ保護を行う場合、前記カプセルが前記受信装置にビデオデータおよび符号化データをキーで送信し、
     前記受信装置が、受信したビデオデータおよびキーを前記メモリにプリセットされているデバイスIDに基づいて評価し、ビデオデータの完全性および信頼性を保護する
     請求項20記載のカメラシステムの駆動方法。     When performing data protection, the capsule sends video data and encoded data to the receiving device with a key,
    21. The driving method for a camera system according to claim 20, wherein the receiving device evaluates the received video data and the key based on a device ID preset in the memory to protect the integrity and reliability of the video data.
  24.  前記カプセルが、前記受信装置に暗号化されたビデオデータをキーで送信し、
     前記受信装置が、ビデオデータを保護するために、受信した暗号化ビデオデータを前記メモリにプリセットされているデバイスIDに基づくキーで復号化する
     請求項20記載のカメラシステムの駆動方法。
          The capsule sends the encrypted video data to the receiving device with a key,
    The camera system driving method according to claim 20, wherein the receiving device decrypts the received encrypted video data with a key based on a device ID preset in the memory to protect the video data.
PCT/JP2019/043612 2018-11-12 2019-11-07 Camera system and method of driving camera system WO2020100704A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP2020555574A JPWO2020100704A1 (en) 2018-11-12 2019-11-07 Camera system and how to drive the camera system

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2018-212194 2018-11-12
JP2018212194 2018-11-12

Publications (1)

Publication Number Publication Date
WO2020100704A1 true WO2020100704A1 (en) 2020-05-22

Family

ID=70730810

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2019/043612 WO2020100704A1 (en) 2018-11-12 2019-11-07 Camera system and method of driving camera system

Country Status (2)

Country Link
JP (1) JPWO2020100704A1 (en)
WO (1) WO2020100704A1 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2003325439A (en) * 2002-05-15 2003-11-18 Olympus Optical Co Ltd Capsule type medical treatment device
JP2009045135A (en) * 2007-08-15 2009-03-05 Hoya Corp Capsule endoscope, receiver and endoscope system
JP2009056159A (en) * 2007-08-31 2009-03-19 Olympus Medical Systems Corp System for acquiring information inside subject
JP2010227200A (en) * 2009-03-26 2010-10-14 Rohm Co Ltd Endoscope
JP2018117269A (en) * 2017-01-19 2018-07-26 ブリルニクスジャパン株式会社 Solid-state imaging apparatus, method for driving solid-state imaging apparatus, and electronic equipment

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2003325439A (en) * 2002-05-15 2003-11-18 Olympus Optical Co Ltd Capsule type medical treatment device
JP2009045135A (en) * 2007-08-15 2009-03-05 Hoya Corp Capsule endoscope, receiver and endoscope system
JP2009056159A (en) * 2007-08-31 2009-03-19 Olympus Medical Systems Corp System for acquiring information inside subject
JP2010227200A (en) * 2009-03-26 2010-10-14 Rohm Co Ltd Endoscope
JP2018117269A (en) * 2017-01-19 2018-07-26 ブリルニクスジャパン株式会社 Solid-state imaging apparatus, method for driving solid-state imaging apparatus, and electronic equipment

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
INOUE, SHIORI ET AL.: "Examination of Challenge & Response authentication of PUF (CIS- PUF) using a characteristic variation of CMOS image sensor", CMOS PUF(CIS- PUF) CHALLENGE & RESPONSE 2018 SYMPOSIUM ON CRYPTOGRAPHY AND INFORMATION SECURITY(SCIS2018) PROGRAM, 2 February 2018 (2018-02-02), Retrieved from the Internet <URL:http://web.archive.org/web/20180202202745/https://www.iwsec.org/scis/2018/program.html> *
ISSHIKI, RYOTA ET AL.: "A Study on Error Correction Method of PUF ID Using Characteristics of Output Signal in CIS-PUF", ID 2018 SYMPOSIUM ON CRYPTOGRAPHY AND INFORMATION SECURITY(SCIS2018) PROGRAM, 2 February 2018 (2018-02-02), Retrieved from the Internet <URL:http://web.archive.org/web/20180202202745/https://www.iwsec.org/scis/2018/program.html> *
SHIRAHATA, MASAYOSHI ET AL.: "Research and development of IoT hardware security infrastructure using non-duplicatable devices- Research on color image sensor PUF", LECTURE PROCEEDINGS OF KANSAI-SECTION JOINT CONVENTION OF INSTITUTES OF ELECTRICAL ENGINEERING ( CD-ROM, vol. 2017, 6 November 2017 (2017-11-06), pages ROMBUNNO.G9 - 1 *

Also Published As

Publication number Publication date
JPWO2020100704A1 (en) 2021-09-24

Similar Documents

Publication Publication Date Title
TWI752429B (en) Solid-state imaging device, driving method for solid-state imaging device, and electronic device
JP6853934B2 (en) Solid-state image sensor, solid-state image sensor drive method, and electronic equipment
JP6606659B2 (en) Solid-state imaging device, driving method of solid-state imaging device, and electronic apparatus
CN110235436B (en) Information processing apparatus, information processing method, and recording medium
CN111587571B (en) Solid-state imaging element
US20210127080A1 (en) Solid-state imaging device, method for driving solid-state imaging device, and electronic apparatus
JP7031326B2 (en) Solid-state image sensor, solid-state image sensor driving method, and electronic equipment
WO2019142540A1 (en) Solid-state imaging device and information processing method of solid-state imaging device
KR20190110541A (en) Information processing method of solid-state imaging device and solid-state imaging device
WO2019188411A1 (en) Solid-state imaging device, method for driving solid-state imaging device, and electronic apparatus
WO2020100704A1 (en) Camera system and method of driving camera system
US20210365553A1 (en) Control device and control method
US20240121419A1 (en) Imaging apparatus and imaging method
Okura et al. P01 A Proposal of PUF Utilizing Pixel Variations in the CMOS Image Sensor

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19885733

Country of ref document: EP

Kind code of ref document: A1

ENP Entry into the national phase

Ref document number: 2020555574

Country of ref document: JP

Kind code of ref document: A

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19885733

Country of ref document: EP

Kind code of ref document: A1