WO2022172698A1 - 情報処理装置、移動体装置、および通信システム - Google Patents
情報処理装置、移動体装置、および通信システム Download PDFInfo
- Publication number
- WO2022172698A1 WO2022172698A1 PCT/JP2022/001450 JP2022001450W WO2022172698A1 WO 2022172698 A1 WO2022172698 A1 WO 2022172698A1 JP 2022001450 W JP2022001450 W JP 2022001450W WO 2022172698 A1 WO2022172698 A1 WO 2022172698A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- packet
- communication
- phy
- cci
- extended
- Prior art date
Links
- 230000006854 communication Effects 0.000 title claims abstract description 1177
- 238000004891 communication Methods 0.000 title claims abstract description 1174
- 230000010365 information processing Effects 0.000 title claims abstract description 63
- 239000013598 vector Substances 0.000 claims description 198
- 230000001681 protective effect Effects 0.000 claims description 15
- 230000001012 protector Effects 0.000 claims description 14
- 238000012545 processing Methods 0.000 description 1352
- 230000005540 biological transmission Effects 0.000 description 749
- 238000000034 method Methods 0.000 description 705
- 230000008569 process Effects 0.000 description 605
- 230000004044 response Effects 0.000 description 438
- 238000001514 detection method Methods 0.000 description 321
- 230000005856 abnormality Effects 0.000 description 249
- 238000010586 diagram Methods 0.000 description 228
- 238000004364 calculation method Methods 0.000 description 196
- 230000006870 function Effects 0.000 description 162
- 238000003384 imaging method Methods 0.000 description 124
- 238000003745 diagnosis Methods 0.000 description 118
- 238000012986 modification Methods 0.000 description 82
- 230000004048 modification Effects 0.000 description 82
- 238000004422 calculation algorithm Methods 0.000 description 78
- 238000012795 verification Methods 0.000 description 74
- 238000003860 storage Methods 0.000 description 72
- 230000000737 periodic effect Effects 0.000 description 71
- 230000002159 abnormal effect Effects 0.000 description 68
- 238000013524 data verification Methods 0.000 description 50
- VIEYMVWPECAOCY-UHFFFAOYSA-N 7-amino-4-(chloromethyl)chromen-2-one Chemical compound ClCC1=CC(=O)OC2=CC(N)=CC=C21 VIEYMVWPECAOCY-UHFFFAOYSA-N 0.000 description 43
- 238000012790 confirmation Methods 0.000 description 41
- 238000005516 engineering process Methods 0.000 description 36
- 238000012546 transfer Methods 0.000 description 36
- 230000008859 change Effects 0.000 description 34
- 230000014509 gene expression Effects 0.000 description 25
- 150000003839 salts Chemical class 0.000 description 22
- 230000015654 memory Effects 0.000 description 21
- 101000741965 Homo sapiens Inactive tyrosine-protein kinase PRAG1 Proteins 0.000 description 20
- 102100038659 Inactive tyrosine-protein kinase PRAG1 Human genes 0.000 description 20
- 238000004458 analytical method Methods 0.000 description 20
- 230000007257 malfunction Effects 0.000 description 16
- 238000002347 injection Methods 0.000 description 15
- 239000007924 injection Substances 0.000 description 15
- 238000004140 cleaning Methods 0.000 description 14
- 238000006243 chemical reaction Methods 0.000 description 13
- 238000012856 packing Methods 0.000 description 13
- 230000007717 exclusion Effects 0.000 description 12
- 238000005259 measurement Methods 0.000 description 11
- 230000033228 biological regulation Effects 0.000 description 9
- 239000000470 constituent Substances 0.000 description 9
- 239000000284 extract Substances 0.000 description 9
- 230000002452 interceptive effect Effects 0.000 description 9
- 230000036961 partial effect Effects 0.000 description 9
- 230000002829 reductive effect Effects 0.000 description 9
- 230000004075 alteration Effects 0.000 description 8
- 230000008901 benefit Effects 0.000 description 7
- 230000006378 damage Effects 0.000 description 7
- 238000009795 derivation Methods 0.000 description 7
- 238000009826 distribution Methods 0.000 description 7
- 230000000977 initiatory effect Effects 0.000 description 7
- 238000003780 insertion Methods 0.000 description 7
- 230000037431 insertion Effects 0.000 description 7
- 238000007689 inspection Methods 0.000 description 7
- 238000007726 management method Methods 0.000 description 7
- 230000000694 effects Effects 0.000 description 6
- ZXQYGBMAQZUVMI-GCMPRSNUSA-N gamma-cyhalothrin Chemical compound CC1(C)[C@@H](\C=C(/Cl)C(F)(F)F)[C@H]1C(=O)O[C@H](C#N)C1=CC=CC(OC=2C=CC=CC=2)=C1 ZXQYGBMAQZUVMI-GCMPRSNUSA-N 0.000 description 6
- 239000000523 sample Substances 0.000 description 6
- 101150071456 CSI2 gene Proteins 0.000 description 5
- 230000009977 dual effect Effects 0.000 description 5
- 230000001976 improved effect Effects 0.000 description 5
- 230000007246 mechanism Effects 0.000 description 5
- 230000008093 supporting effect Effects 0.000 description 5
- 101100451967 Rattus norvegicus Ephx1 gene Proteins 0.000 description 4
- 230000002547 anomalous effect Effects 0.000 description 4
- 230000009118 appropriate response Effects 0.000 description 4
- 238000013473 artificial intelligence Methods 0.000 description 4
- 238000013499 data model Methods 0.000 description 4
- 238000005286 illumination Methods 0.000 description 4
- 230000001151 other effect Effects 0.000 description 4
- 238000005096 rolling process Methods 0.000 description 4
- 230000008878 coupling Effects 0.000 description 3
- 238000010168 coupling process Methods 0.000 description 3
- 238000005859 coupling reaction Methods 0.000 description 3
- 125000004122 cyclic group Chemical group 0.000 description 3
- 238000013478 data encryption standard Methods 0.000 description 3
- 230000002950 deficient Effects 0.000 description 3
- 238000013461 design Methods 0.000 description 3
- 230000002093 peripheral effect Effects 0.000 description 3
- 230000002441 reversible effect Effects 0.000 description 3
- 239000000758 substrate Substances 0.000 description 3
- YNPNZTXNASCQKK-UHFFFAOYSA-N Phenanthrene Natural products C1=CC=C2C3=CC=CC=C3C=CC2=C1 YNPNZTXNASCQKK-UHFFFAOYSA-N 0.000 description 2
- 102100028949 Serine/threonine-protein kinase TAO2 Human genes 0.000 description 2
- DGEZNRSVGBDHLK-UHFFFAOYSA-N [1,10]phenanthroline Chemical compound C1=CN=C2C3=NC=CC=C3C=CC2=C1 DGEZNRSVGBDHLK-UHFFFAOYSA-N 0.000 description 2
- 230000006978 adaptation Effects 0.000 description 2
- 230000002411 adverse Effects 0.000 description 2
- 230000007175 bidirectional communication Effects 0.000 description 2
- 230000002457 bidirectional effect Effects 0.000 description 2
- BFAKENXZKHGIGE-UHFFFAOYSA-N bis(2,3,5,6-tetrafluoro-4-iodophenyl)diazene Chemical compound FC1=C(C(=C(C(=C1F)I)F)F)N=NC1=C(C(=C(C(=C1F)F)I)F)F BFAKENXZKHGIGE-UHFFFAOYSA-N 0.000 description 2
- 230000007547 defect Effects 0.000 description 2
- 230000003111 delayed effect Effects 0.000 description 2
- 230000006872 improvement Effects 0.000 description 2
- 230000010354 integration Effects 0.000 description 2
- 238000012423 maintenance Methods 0.000 description 2
- 239000000463 material Substances 0.000 description 2
- 239000003973 paint Substances 0.000 description 2
- 239000000779 smoke Substances 0.000 description 2
- 230000001360 synchronised effect Effects 0.000 description 2
- 238000010200 validation analysis Methods 0.000 description 2
- 240000007594 Oryza sativa Species 0.000 description 1
- 235000007164 Oryza sativa Nutrition 0.000 description 1
- 230000009471 action Effects 0.000 description 1
- 230000004913 activation Effects 0.000 description 1
- 230000032683 aging Effects 0.000 description 1
- 238000013459 approach Methods 0.000 description 1
- 230000000903 blocking effect Effects 0.000 description 1
- 230000003139 buffering effect Effects 0.000 description 1
- 230000015556 catabolic process Effects 0.000 description 1
- 239000003795 chemical substances by application Substances 0.000 description 1
- 230000000295 complement effect Effects 0.000 description 1
- 230000001010 compromised effect Effects 0.000 description 1
- 238000012937 correction Methods 0.000 description 1
- 238000005520 cutting process Methods 0.000 description 1
- 238000013144 data compression Methods 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 230000009849 deactivation Effects 0.000 description 1
- 230000007423 decrease Effects 0.000 description 1
- 238000006731 degradation reaction Methods 0.000 description 1
- 230000006698 induction Effects 0.000 description 1
- 230000001939 inductive effect Effects 0.000 description 1
- 230000000670 limiting effect Effects 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 229910044991 metal oxide Inorganic materials 0.000 description 1
- 150000004706 metal oxides Chemical class 0.000 description 1
- 239000000203 mixture Substances 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000010287 polarization Effects 0.000 description 1
- 238000002360 preparation method Methods 0.000 description 1
- 235000009566 rice Nutrition 0.000 description 1
- 235000002020 sage Nutrition 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 238000000926 separation method Methods 0.000 description 1
- 230000035882 stress Effects 0.000 description 1
- 238000012360 testing method Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0891—Revocation or update of secret information, e.g. encryption key update or rekeying
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
- H04L9/3242—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
- H04L9/0637—Modes of operation, e.g. cipher block chaining [CBC], electronic codebook [ECB] or Galois/counter mode [GCM]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0643—Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
Definitions
- the present disclosure relates to information processing devices, mobile devices, and communication systems, and more particularly to information processing devices, mobile devices, and communication systems that allow the use of session keys.
- CSI Code Serial Interface-2 ver4.0
- C-PHY Physical layer
- D-PHY Physical layer
- the CSI-2 standard has come to be widely used not only for mobile devices, but also for various purposes such as in-vehicle and IoT (Internet of Things).
- IoT Internet of Things
- MIPI Mobile Industry Processor Interface
- Non-Patent Document 1 a method for establishing an SPDM session is disclosed. Also, in the SPDM extension standard described in Non-Patent Document 2, a method of applying an SPDM session is disclosed.
- the present disclosure has been made in view of such circumstances, and is intended to solve the problems or problems of information processing devices, mobile devices, and communication systems that use session keys.
- An information processing apparatus includes a protector that protects first communication between a first device and a second device and second communication between a third device and a second device. ing.
- the protection unit executes the following (1) to (4). (1) deriving or receiving a first session key; (2) using the first session key for encryption or decryption and message authentication of a first communication; (3) a first session key protected by the first session key; (4) using the second session key for encryption, decryption or message authentication of the second communication, wherein from the start to the end of use of the second session key; The total number of times of communication or the total amount of communication data between is different between the third communication between the first device and the third device and the first communication.
- a mobile device comprises a protector that protects a first communication between a first device and a second device and a second communication between a third device and a second device. ing.
- the protection unit executes the following (1) to (4). (1) deriving or receiving a first session key; (2) using the first session key for encryption or decryption and message authentication of a first communication; (3) a first session key protected by the first session key; (4) using the second session key for encryption, decryption or message authentication of the second communication, wherein from the start to the end of use of the second session key; The total number of times of communication or the total amount of communication data between is different between the third communication between the first device and the third device and the first communication.
- a communication system includes a protector that protects first communication between a first device and a second device and second communication between a third device and a second device.
- the protection unit executes the following (1) to (4). (1) deriving or receiving a first session key; (2) using the first session key for encryption or decryption and message authentication of a first communication; (3) a first session key protected by the first session key; (4) using the second session key for encryption, decryption or message authentication of the second communication, wherein from the start to the end of use of the second session key; The total number of times of communication or the total amount of communication data between is different between the third communication between the first device and the third device and the first communication.
- FIG. 1 is a block diagram showing a configuration example of a first embodiment of a communication system to which the present technology is applied;
- FIG. FIG. 11 is a block diagram showing a configuration example of a second embodiment of a communication system to which the present technology is applied;
- FIG. 4 is a diagram showing a first structure example of an overall packet structure of an extension packet for D-PHY;
- FIG. 10 is a diagram showing a first structural example of a packet structure of an extended short packet for D-PHY;
- FIG. 4 is a diagram showing a first structural example of a packet structure of an extended long packet for D-PHY;
- FIG. 4 is a diagram showing a first structural example of an overall packet structure of an extension packet for C-PHY;
- FIG. 4 is a diagram showing a first structural example of a packet structure of an extended short packet for C-PHY;
- FIG. 4 is a diagram showing a first structural example of a packet structure of an extended long packet for C-PHY; It is a block diagram which shows the structural example of an image sensor.
- 3 is a block diagram showing a configuration example of an application processor;
- FIG. 10 is a flowchart for explaining processing in which an image sensor transmits packets; 9 is a flowchart for explaining extended mode transmission processing;
- FIG. 10 is a flowchart for explaining processing for an application processor to receive a packet;
- FIG. 9 is a flowchart for explaining extended mode reception processing;
- FIG. 10 is a diagram illustrating a second structural example of an overall packet structure of an extension packet for D-PHY;
- FIG. 10 is a diagram illustrating a second structural example of a packet structure of an extended long packet for D-PHY;
- FIG. 10 is a diagram showing a second structural example of a packet structure of an extended short packet for C-PHY;
- FIG. 10 is a diagram illustrating a second structural example of a packet structure of an extended long packet for C-PHY;
- FIG. 11 is a block diagram showing a modification of the configuration for switching between D-PHY and C-PHY;
- FIG. 11 is a block diagram showing a configuration example of a third embodiment of a communication system to which the present technology is applied;
- FIG. 10 is a diagram showing a structure example of an extension packet for D-PHY that complies with the regulation of packet alteration prohibition;
- FIG. 10 is a diagram showing an example structure of an extension packet for C-PHY that conforms to the regulation of packet alteration prohibition;
- FIG. 10 is a diagram showing an example of the structure of an extension packet for A-PHY that complies with the regulation of packet alteration prohibition;
- FIG. 10 is a flowchart for explaining packet transmission/reception processing that conforms to the regulation of packet alteration prohibition;
- FIG. FIG. 3 is a block diagram showing a configuration example of an image sensor that conforms to the regulation prohibiting packet alteration;
- FIG. 3 is a diagram showing an example of a packet configuration of a read command generated on the application processor side;
- FIG. 4 is a diagram showing an example of a packet configuration of a read command transferred by A-PHY;
- FIG. 4 is a diagram showing an example of a packet configuration of a read command and read data on the image sensor side;
- FIG. 4 is a diagram showing an example of a packet configuration of read data transferred by A-PHY;
- FIG. 4 is a diagram showing an example of a packet configuration of read data acquired by an application processor;
- FIG. 4 is a diagram illustrating an example of a packet configuration of write data generated on the application processor side;
- FIG. 4 is a diagram showing an example of a packet configuration of write data transferred by A-PHY;
- FIG. 3 is a diagram showing an example of a packet configuration of write data acquired by an image sensor;
- FIG. 4 is a diagram illustrating an outline of an extended packet header ePH and an extended packet footer ePF;
- FIG. 10 is a flowchart for explaining initial setting and confirmation operation of communication processing using CCI-FS;
- FIG. 4 is a flow chart for explaining a write operation using CCI-FS; 4 is a flow chart explaining a read operation using CCI-FS; 1 is a block diagram showing a configuration example of a communication system in which an image sensor and an application processor are configured for SerDes connection;
- FIG. 3 is a diagram showing an example of a packet configuration of a read command generated on the application processor side;
- FIG. 4 is a diagram showing an example of a packet configuration of a read command output by I2C/I3C;
- FIG. 4 is a diagram showing an example of a packet configuration of a read command transferred by A-PHY;
- FIG. 3 is a diagram showing an example of a packet configuration of read data generated by a SerDes device on the slave side;
- FIG. 4 is a diagram showing an example of a packet configuration of a read command and read data on the image sensor side;
- FIG. 4 is a diagram showing an example of a packet configuration of read data output by I2C/I3C;
- FIG. 4 is a diagram showing an example of a packet configuration of read data transferred by A-PHY;
- FIG. 4 is a diagram showing an example of a packet configuration of read data output by I2C/I3C;
- FIG. 4 is a diagram showing an example of a packet configuration of read data acquired by an application processor;
- FIG. 10 is a flowchart for explaining initial setting and confirmation operation of communication processing using CCI-FS;
- FIG. 4 is a flow chart for explaining a write operation using CCI-FS; 4 is a flow chart explaining a read operation using CCI-FS; FIG. 10 is a flowchart for explaining Sequence A_Write (during AP) processing; FIG. FIG. 10 is a flowchart for explaining Sequence A_Read_CMD (during AP) processing; FIG. FIG. 10 is a flowchart for explaining Sequence C (during AP) processing; FIG. FIG. 10 is a flowchart for explaining Sequence B (SerDes (Slave)) processing; FIG. FIG. 10 is a flowchart for explaining Sequence A_Read_Data (during AP) processing; FIG. FIG.
- FIG. 4 is a diagram showing details of an extended packet header ePH0, an extended packet header ePH1, and an extended packet header ePH2;
- FIG. 10 is a diagram showing details of an extended packet header ePH3;
- FIG. 10 is a diagram showing details of the extended DT of the extended packet header ePH;
- FIG. 11 is a block diagram showing a configuration example of conventional I2C hardware;
- FIG. 4 is a diagram showing an example of waveforms during data transfer on the I2C bus;
- FIG. 4 is a block diagram showing an example of a circuit configuration of a CCI-FS processing unit;
- FIG. 4 is a diagram showing a register configuration example;
- FIG. 10 is a diagram showing an example of a register configuration when configuring a bridge;
- FIG. 10 is a diagram showing a register configuration example of an error-related register;
- FIG. 10 is a diagram showing a modified example of the extension packet header ePH in the packet configuration of write data generated on the application processor side;
- FIG. 10 is a diagram showing a modified example of an extended packet header ePH in the packet configuration of a read command generated on the application processor side;
- FIG. 4 is a diagram illustrating a flow between an application processor and an image sensor in an A-PHY direct connection configuration;
- FIG. 10 is a diagram illustrating a flow using the Clock Stretch method
- 2 is a block diagram showing a detailed configuration example of an image sensor including a CCI-FS processing unit
- FIG. 4 is a block diagram showing a detailed configuration example of an application processor including a CCI-FS processing unit
- FIG. 12 is a block diagram showing a configuration example of a fourth embodiment of a communication system to which the present technology is applied
- 3 is a block diagram showing a detailed configuration example of an image sensor
- FIG. 3 is a block diagram showing a detailed configuration example of an application processor;
- FIG. 11 is a flowchart for explaining integrity computation value transmission processing;
- FIG. FIG. 10 is a diagram showing a first modified example of the data structure of image data;
- FIG. 10 is a diagram showing a second modified example of the data structure of image data;
- FIG. 10 is a diagram showing a third modified example of the data structure of image data;
- FIG. 11 is a flow chart for explaining a first processing example of integrity computation value processing;
- FIG. 11 is a flowchart for explaining a second processing example of integrity computation value processing;
- FIG. FIG. 13 is a flowchart for explaining a third processing example of integrity computation value processing;
- FIG. FIG. 14 is a flowchart for explaining a fourth processing example of integrity computation value processing;
- FIG. FIG. 10 is a diagram showing a first modified example of the data structure of image data
- FIG. 10 is a diagram showing a second modified example of the data structure of image data
- FIG. 10 is a diagram showing a third modified example of the data structure of image
- FIG. 10 is a diagram showing an example of an initial counter block in which an initialization vector is stored;
- FIG. FIG. 4 is a diagram showing a GHASH function;
- FIG. 4 is a diagram showing a GCTR function;
- FIG. 4 is a diagram showing a GCM-AE function;
- FIG. 4 is a diagram showing a GCM-AD function;
- FIG. 4 is a diagram showing an example of the data structure of image data for transmitting an integrity calculation value MAC for each line;
- FIG. 10 is a diagram showing an example of an initialization vector;
- FIG. FIG. 4 is a diagram showing an example of transmitting an initialization vector from a transmitting side to a receiving side;
- FIG. 2 is a diagram showing an example of an extended format of CSI-2 or CCI; 10 is a flowchart for explaining transmission processing of the line MAC method; FIG. 4 is a diagram showing an example of the data structure of image data in which an integrity calculation value MAC is arranged for each frame; FIG. 10 is a diagram showing an example of an initialization vector; FIG. FIG. 4 is a diagram showing an example of transmitting an initialization vector from a transmitting side to a receiving side; FIG. 10 is a flowchart for explaining transmission processing of the frame MAC method; FIG. 9 is a flowchart for explaining selection processing; FIG. 4 is a diagram showing an example of security MAC information; FIG. 10 is a diagram showing an example of rollover cycles of message count values and frame count values; FIG.
- FIG. 4 is a diagram for explaining the configuration of an initialization vector;
- FIG. 4 is a flowchart for explaining data verification processing; It is a figure explaining a reflection process.
- FIG. 2 is a diagram showing an example of a security protocol;
- FIG. 10 is a diagram showing an example of Source ID or Final Destination ID;
- FIG. 3 is a block diagram showing a detailed configuration example of an image sensor that diagnoses the presence or absence of an abnormality in itself;
- 10 is a flowchart for explaining interference detection processing (part 1) by an interference detection unit;
- FIG. 4 is a diagram illustrating a storage method for storing a light emission pattern (light reception pattern) as a storage pattern when realizing a ToF distance measuring sensor using an image sensor;
- FIG. 4 is a diagram illustrating a storage method for storing a light emission pattern (light reception pattern) as a storage pattern when realizing a ToF distance measuring sensor using an image sensor;
- FIG. 4 is a diagram illustrating a storage method for storing a light emission pattern (light reception pattern) as a storage pattern when realizing a ToF distance measuring sensor using an image sensor;
- FIG. 10 is a flowchart for explaining a disturbance detection process (part 2) by a disturbance detection unit;
- FIG. 6 is a flowchart for explaining failure detection processing by a failure detection unit;
- 10 is a flowchart for explaining abnormality detection processing of a security unit by an infringement detection unit;
- 4 is a flowchart for explaining abnormality detection processing by a temperature detection unit;
- FIG. 10 is a flowchart for explaining a disturbance detection process (part 2) by a disturbance detection unit;
- FIG. 6 is a flowchart for explaining failure detection processing by a failure detection unit;
- 10 is a flowchart for explaining abnormality detection processing of a security unit by an infringement detection unit;
- 4 is a flowchart for explaining abnormality detection processing by a temperature detection unit;
- FIG. 3 is a block diagram showing a detailed configuration example of an application processor that detects the presence or absence of an abnormality in an image sensor; 4 is a flowchart for explaining processing of the image sensor when an application processor performs processing for detecting the presence or absence of an abnormality in the image sensor; 5 is a flowchart for explaining processing of the application processor when the application processor performs processing for detecting the presence or absence of an abnormality in the image sensor; FIG. 10 is a diagram showing an example of the data structure of image data for explaining the location of storing a specific message when achieving high-speed data transmission of the specific message without interfering with high-speed data transmission of image data; FIG.
- FIG. 10 is a flow chart illustrating processing when high-speed data transmission of a specific message is performed without interfering with high-speed data transmission of image data;
- FIG. 10 is a flowchart for explaining image transmission processing (part 1);
- FIG. 11 is a flowchart illustrating an application example of image transmission processing (part 1);
- FIG. FIG. 11 is a flowchart for explaining image transmission processing (part 2);
- FIG. 10 is a flowchart for explaining image transmission processing (part 3) by an image sensor;
- FIG. 11 is a flowchart for explaining imaging transmission processing (part 3) by an application processor;
- FIG. 11 is a flowchart for explaining imaging transmission processing (part 4) by an image sensor;
- FIG. 11 is a flowchart for explaining image transmission processing (No. 8) by an image sensor; FIG. FIG. 11 is a flowchart for explaining image transmission processing (No. 8) by an application processor; FIG. FIG. 13 is a flowchart for explaining image transmission processing (No. 9); FIG. FIG. 11 is a flowchart for explaining image transmission processing (No. 10); FIG. FIG. 11 is a flowchart for explaining image transmission processing (No. 11); FIG. FIG. 10 is a diagram for explaining message count values using two types of count values with different Hamming distances; FIG. 10 is a diagram illustrating a method of detecting whether or not a message count value is defective or falsified using two types of count values; FIG.
- FIG. 10 is a diagram illustrating a method of detecting whether or not a message count value is defective or falsified using two types of count values; 10 is a flowchart for explaining message count processing; FIG. 10 is a diagram illustrating a configuration example of an extension packet header ePH2 when a Warning Descriptor is set in a reserved area (Reserved) in the extension packet header ePH2; FIG. 10 is a diagram illustrating a description example of identification information using each bit of Warning Descriptor (specific message); FIG. 10 is a diagram illustrating a configuration example when a warning bulletin (eg, physical attack detection) is set as the first specific message in the extension packet header; FIG.
- a warning bulletin eg, physical attack detection
- FIG. 11 is a flow chart for explaining transmission processing of the image sensor when a specific message is separated and transmitted;
- FIG. 11 is a flow chart for explaining transmission processing of an application processor when a specific message is separated and transmitted;
- FIG. 10 is a flowchart for explaining transmission processing when a peculiar message is separated and transmitted when a warning detail reading command is transmitted after a warning bulletin is transmitted;
- FIG. 13 is a diagram illustrating a configuration example of a Security Descriptor in which any specific message is set, such as whether there is an abnormality inside or outside the image sensor 1211, whether there is interference or an attack on the image sensor 1211, or the like.
- 1 is a block diagram showing a configuration example of a propulsion device in which an image sensor and an application processor are mounted;
- FIG. 161 is a diagram illustrating a propulsion control process (part 1) for controlling propulsion of the propulsion device of FIG. 160;
- FIG. 161 is a diagram illustrating a propulsion control process (part 2) for controlling propulsion of the propulsion device of FIG. 160;
- 161 is a diagram for explaining propulsion control processing (3) by a microcomputer that controls propulsion of the propulsion device of FIG. 160;
- FIG. FIG. 161 is a diagram for explaining propulsion control processing (part 3) by an imaging unit that controls propulsion of the propulsion device of FIG. 160;
- FIG. 10 is a diagram illustrating a configuration example of a HEARTBEAT request message;
- FIG. 10 is a diagram illustrating a configuration example of a HEARTBEAT_ACK response message;
- FIG. 10 is a diagram illustrating a configuration example of a HEARTBEAT_NAK response message;
- FIG. 10 is a diagram illustrating a configuration example of an END_SESSION request message;
- 10 is a flowchart for explaining HEARTBEAT processing (part 1);
- FIG. 10 is a diagram illustrating a configuration example of an END_SESSION_NAK response message;
- FIG. 10 is a flowchart for explaining HEARTBEAT processing (part 2) of a CCI host (requester);
- FIG. 10 is a flowchart for explaining HEARTBEAT processing (part 2) of a CCI device (responder);
- FIG. 10 is a flowchart for explaining HEARTBEAT processing (part 3) of a CCI host (requester);
- FIG. 10 is a flowchart for explaining HEARTBEAT processing (part 3) of a CCI device (responder);
- FIG. 10 is a diagram illustrating a configuration example of an ERROR response message;
- FIG. 10 is a diagram illustrating an example of setting Error code and Error data;
- FIG. 10 is a diagram illustrating an example of setting ExtendedErrorData;
- FIG. 11 is a diagram illustrating a setting example of a Registry or standards body ID when a pseudo-HEARTBEAT function is used;
- FIG. 10 is a diagram illustrating a setting example of a VENDOR_DEFINED_REQUEST request message;
- FIG. 10 is a diagram illustrating a setting example of a VENDOR_DEFINED_RESPONSE response message;
- FIG. 4 is a diagram for explaining an SPDM key schedule;
- FIG. 10 is a diagram showing an example of KEY_UPDATA_operations;
- FIG. 11 is a flowchart for explaining an example of the flow of processing related to key update;
- FIG. FIG. 10 is a diagram showing an example of ePH2;
- FIG. 10 is a flowchart illustrating an example of the flow of session key update
- FIG. 4 is a flowchart illustrating an example of a processor processing flow
- 6 is a flowchart for explaining an example of the flow of sensor processing
- FIG. 10 is a flowchart illustrating an example of the flow of session key update
- FIG. 4 is a flowchart illustrating an example of a processor processing flow
- 6 is a flowchart for explaining an example of the flow of sensor processing
- 4 is a flowchart illustrating an example of a processor processing flow
- 6 is a flowchart for explaining an example of the flow of sensor processing
- 6 is a flowchart for explaining an example of the flow of sensor processing
- FIG. 10 is a diagram showing an example of KeyUpdataReq and KeySwitchTiming; FIG. 10 is a flowchart illustrating an example of the flow of session key update; FIG. 4 is a flowchart illustrating an example of a processor processing flow; 6 is a flowchart for explaining an example of the flow of sensor processing; 4 is a flowchart illustrating an example of a processor processing flow; 6 is a flowchart for explaining an example of the flow of sensor processing; 4 is a flowchart illustrating an example of a processor processing flow; 6 is a flowchart for explaining an example of the flow of sensor processing; 4 is a flowchart illustrating an example of a processor processing flow; 6 is a flowchart for explaining an example of the flow of sensor processing; FIG.
- FIG. 10 is a diagram showing an example of EvenOddkey
- FIG. 4 is a diagram showing an example of derivation of a session key
- FIG. 4 is a diagram showing an example of derivation of a session key
- FIG. 12 is a block diagram showing a configuration example of a fifth embodiment of a communication system to which the present technology is applied
- FIG. 11 is a block diagram showing a modification of the configuration of the image sensor and processor
- FIG. 11 is a block diagram showing a modification of the configuration of the image sensor and processor
- FIG. 11 is a block diagram showing a modification of the configuration of the image sensor and processor
- FIG. 11 is a block diagram showing a modification of the configuration of the image sensor and processor
- FIG. 11 is a block diagram showing a modification of the configuration of the image sensor and processor
- FIG. 11 is a block diagram showing a modification of the configuration of the image sensor and processor
- FIG. 11 is a block diagram showing a modification of the configuration of the image sensor and processor;
- FIG. 11 is a block diagram showing a modification of the configuration of the image sensor and processor;
- FIG. 11 is a block diagram showing a modification of the configuration of the image sensor and processor;
- FIG. 11 is a block diagram showing a modification of the configuration of the image sensor and processor;
- FIG. 4 is a diagram showing an example of countermeasures against replay attacks in control system communication (Control Plane);
- FIG. 10 is a diagram showing an example of an initialization vector;
- FIG. 10 is a diagram showing an example of Write message;
- FIG. 10 is a diagram showing an example of Write message;
- FIG. 4 is a diagram showing an example of countermeasures against replay attacks in control system communication (Control Plane);
- FIG. 10 is a diagram showing an example of an initialization vector;
- FIG. 10 is a diagram showing an example of Write message;
- FIG. 10 is a diagram showing an example of Write message;
- FIG. 10 is a diagram illustrating a setting example of a VENDOR_DEFINED_REQUEST request message;
- FIG. 4 is a diagram showing an example of a packet configuration of write data;
- FIG. 10 is a diagram illustrating a setting example of a VENDOR_DEFINED_REQUEST request message;
- FIG. 3 is a diagram showing an example of a packet configuration of read data;
- FIG. 10 is a diagram showing an example of countermeasures against replay attacks in image communication (Data Plane);
- FIG. 10 is a diagram showing an example of countermeasures against replay attacks in image communication (Data Plane);
- FIG. 3 is a diagram showing an example of the data structure of image data
- FIG. 10 is a diagram showing an example of countermeasures against replay attacks in image communication (Data Plane);
- FIG. 3 is a diagram showing an example of the data structure of image data;
- FIG. 233 is a diagram explaining the terms of FIG. 232;
- FIG. 11 is a flowchart illustrating an example of session key generation and transmission processing in SSMC;
- FIG. 235 is a flowchart illustrating an example of processing subsequent to FIG. 234;
- FIG. FIG. 13 is a flowchart illustrating an example of session key update processing at one end of the SoC or Bridge;
- FIG. 10 is a flowchart illustrating an example of session key update processing at the other end of a sensor or bridge;
- FIG. 11 is a flowchart illustrating an example of session key generation and transmission processing in SSMC;
- FIG. FIG. 239 is a flowchart illustrating an example of processing subsequent to FIG. 238;
- FIG. FIG. 10 is a flowchart illustrating an example of session key update processing at one end of the SoC or Bridge;
- FIG. 10 is a flowchart illustrating an example of session key update processing at the other end of a sensor or bridge;
- FIG. 209 is a block diagram showing a modified example of the configuration of FIG. 208;
- FIG. FIG. 4 is a diagram showing an example of a packet configuration of write data;
- FIG. 10 is a diagram illustrating an example of write data processing;
- FIG. 4 is a diagram showing an example of a function register;
- FIG. 4 is a diagram showing an example of a function register; FIG. FIG. 4 is a diagram showing an example of a packet configuration of read data; FIG. 10 is a diagram illustrating an example of read data processing; FIG. 4 is a diagram showing an example of a packet configuration of write data; FIG. 10 is a diagram illustrating an example of write data processing; FIG. 10 is a diagram showing an example of setting EXTENDED HEADER; FIG. 4 is a diagram showing an example of a packet configuration of write data; FIG. 10 is a diagram showing an example of setting EXTENDED HEADER; FIG. 4 is a diagram showing an example of a packet configuration of write data; FIG.
- FIG. 10 is a diagram illustrating an example of write data processing; 9 is a flowchart illustrating an example of MAC or CRC arithmetic processing in the second CCI mode; FIG. 10 is a diagram showing a setting example of Register definition and EXTENDED HEADER; FIG. 4 is a diagram showing an example of a packet configuration of write data; FIG. 10 is a diagram illustrating an example of write data processing; 9 is a flowchart illustrating an example of GCM or CCM arithmetic processing in the second CCI mode; FIG. 10 is a diagram showing a setting example of Register definition and EXTENDED HEADER; FIG. 4 is a diagram showing an example of a packet configuration of write data; FIG.
- FIG. 10 is a diagram illustrating an example of write data processing;
- FIG. 4 is a diagram showing an example of a packet configuration of write data;
- FIG. 10 is a diagram illustrating an example of write data processing;
- 7 is a flowchart illustrating an example of GCM or CCM arithmetic processing in the first CCI mode;
- FIG. 10 is a diagram showing a setting example of a Capability register;
- FIG. 10 is a diagram showing a setting example of Vendor defined SPDM message;
- FIG. 4 is a diagram showing an example of a packet configuration of write data;
- FIG. 10 is a diagram illustrating an example of write data processing;
- 7 is a flowchart for explaining an example of switching of an internal processing order;
- FIG. 10 is a diagram showing a setting example of a Capability register;
- FIG. 10 is a diagram showing a setting example of Vendor defined SPDM message;
- 7 is a flowchart for explaining an example of switching of an internal processing order;
- 7 is a flowchart for explaining an example of switching of an internal processing order;
- FIG. 11 is a flowchart illustrating an example of initialization vector notification processing;
- FIG. 4 is a diagram showing an example of a packet configuration of write data;
- FIG. 4 is a diagram showing an example of a packet configuration of write data;
- FIG. 4 is a diagram showing an example of a packet configuration of write data;
- FIG. 4 is a diagram showing an example of a packet configuration of write data;
- FIG. 4 is a diagram showing an example of a packet configuration of write data;
- FIG. 4 is a diagram showing an example of a packet configuration of write data;
- FIG. 4 is a diagram showing an example of a packet configuration of write data;
- FIG. 10 is a diagram showing a setting example of a Capability register;
- FIG. 10 is a diagram showing a setting example of Vendor defined SPDM message;
- FIG. 10 is a diagram showing an example of setting EXTENDED HEADER;
- 10 is a flow chart illustrating an example of a message authentication procedure;
- FIG. 4 is a diagram showing an example of a message authentication policy;
- FIG. 4 is a diagram showing an example of a message authentication policy;
- FIG. 4 is a diagram showing an example of a message authentication policy;
- FIG. 10 is a diagram showing an example of a message authentication policy;
- FIG. 10 is a diagram showing a setting example of a Capability register;
- FIG. 10 is a diagram showing a setting example of Vendor defined SPDM message;
- FIG. 10 is a diagram showing an example of an initialization vector;
- FIG. 10 is a diagram showing an example of an initialization vector;
- FIG. FIG. 10 is a diagram showing an example
- FIG. 1 is a block diagram showing a configuration example of a first embodiment of a communication system to which the present technology is applied.
- the communication system 11 is configured by connecting an image sensor 21 and an application processor 22 via a bus 23 .
- the communication system 11 is used for CSI-2 connections inside existing mobile devices such as so-called smart phones.
- the image sensor 21 is configured by incorporating, for example, a CSI-2 transmission circuit 31 compatible with the extension mode together with a lens and an imaging device (none of which are shown). For example, the image sensor 21 transmits image data of an image captured by the imaging element to the application processor 22 by means of the extension mode compatible CSI-2 transmission circuit 31 .
- the application processor 22 is configured with an LSI (Large Scale Integration) and a CSI-2 receiver circuit 32 compatible with extended mode. This LSI performs processing according to various applications executed by the mobile device provided with the communication system 11 .
- the application processor 22 receives, for example, image data transmitted from the image sensor 21 by means of the extension mode compatible CSI-2 receiving circuit 32 .
- the application processor 22, for example, uses an LSI to process the image data in accordance with the application.
- the bus 23 is a communication path that transmits signals in compliance with the CSI-2 standard. In the bus 23, for example, the transmission distance over which signals can be transmitted is about 30 cm. Also, the bus 23 connects the image sensor 21 and the application processor 22 by a plurality of signal lines (I2C, CLKP/N, D0P/N, D1P/N, D2P/N, D3P/N) as shown. .
- the extended mode compatible CSI-2 transmitting circuit 31 and the extended mode compatible CSI-2 receiving circuit 32 are compatible with communication in the extended mode, which is an extension of the CSI-2 standard, and transmit and receive signals with each other. can be done.
- the detailed configuration of the extended mode compatible CSI-2 transmitting circuit 31 and the extended mode compatible CSI-2 receiving circuit 32 will be described later with reference to FIGS.
- FIG. 2 is a block diagram showing a configuration example of a second embodiment of a communication system to which the present technology is applied.
- the image sensor 21 and the SerDes device 25 are connected via a bus 24-1.
- application processor 22 and SerDes device 26 are connected via bus 24-2.
- a SerDes device 25 and a SerDes device 26 are connected via a bus 27 in the communication system 11A.
- the communication system 11A is used for connection in existing vehicle-mounted cameras.
- the image sensor 21 and the application processor 22 are configured in the same manner as the image sensor 21 and the application processor 22 in FIG. 1, and detailed description thereof will be omitted.
- the buses 24-1 and 24-2, like the bus 23 in FIG. 1, are communication paths for transmitting signals in compliance with the CSI-2 standard. , I2C/I3C, CLKP/N, D0P/N, D1P/N, D2P/N, D3P/N).
- the SerDes device 25 is configured with a CSI-2 receiving circuit 33 and a SerDes (Serializer/Deserializer) transmitting circuit 34 .
- the SerDes device 25 is transmitted from the image sensor 21 by the CSI-2 receiving circuit 33 communicating with the extended mode compatible CSI-2 transmitting circuit 31 in accordance with the normal CSI-2 standard. Get the incoming bit-parallel signal. Then, the SerDes device 25 converts the acquired signal into bit serial, and the SerDes transmission circuit 34 communicates with the SerDes reception circuit 35 on one lane, thereby transmitting the signal to the SerDes device 26. do.
- the SerDes device 26 is configured with a SerDes receiving circuit 35 and a CSI-2 transmitting circuit 36.
- the SerDes device 26 acquires a serial bit signal transmitted by the SerDes receiving circuit 35 communicating with the SerDes transmitting circuit 34 through one lane. Then, the SerDes device 26 converts the acquired signal into bit-parallel, and the CSI-2 transmission circuit 36 complies with the normal CSI-2 standard between the extension mode compatible CSI-2 reception circuit 32 and the CSI-2 transmission circuit 36. It transmits to the application processor 22 by communicating.
- the bus 27 is a communication path that transmits signals in compliance with standards such as A-PHY and FPD (Flat Panel Display)-LINK III.
- the transmission distance over which signals can be transmitted is a long distance of about 15 m.
- MIPI A-PHY has an asymmetric data link layer (asymmetric upper layer) with a point-to-point topology, allowing high-speed data transmission, control data, and power to share the same physical wiring. MIPI A-PHY serves as the foundation for end-to-end systems designed to simplify the integration of cameras, sensors, and displays, while also allowing functional safety and security to be incorporated.
- the communication systems 11 and 11A configured in this way transmit and receive data in packets having an extended packet structure as described later by means of an extended mode compatible CSI-2 transmission circuit 31 and an extended mode compatible CSI-2 receiving circuit 32. be able to.
- This makes it possible to support a wider variety of uses, such as RAW24, SmartROI (Region of Interest), and GLD (Graceful Link Degradation), which will be described later.
- FIG. 3 shows the overall packet structure of a packet used in the CSI-2 extension mode when the physical layer is D-PHY (hereinafter referred to as D-PHY extension packet).
- the extended packet for D-PHY has the same packet structure as the existing CSI-2 standard in the packet header and packet footer.
- the packet header stores VC (VirtualChannel) indicating the number of virtual channels, data type (DataType) indicating the type of data, WC (Word Count) indicating the data length of the payload, and VCX/ECC.
- the packet footer stores a CRC (Cyclic Redundancy Check).
- 0x38 to x3F are defined as reserved for data types transmitted in packet headers. Therefore, in the extension packet for D-PHY, setting information for identifying the extension mode on the receiving side is newly defined by using the existing reserved data type.
- DataType[5:3] is defined as extended mode setting information
- DataType[1:0] is the extended type. Defined as configuration information.
- the extended mode setting information indicates whether or not the extended mode is set. For example, when DataType[5:3] is 3'b111, it indicates the extended mode. Also, when four types of extension mode 0, extension mode 1, extension mode 2, and extension mode 3 are prepared as types of extension mode, the extension type setting information is any type among them. or For example, when DataType[1:0] is 2'b00, it indicates that the extension mode type is extension mode 0.
- a packet structure is defined in which the payload is separated into four. That is, the payload in extended mode 0 is, as shown in FIG. 3, an extended packet header (ePH), an optional extended packet header (OePH), a legacy payload (Legacy Payload), and an optional Separated into the Optional extended Packet Footer (OePF). Note that the extended packet header may be repeatedly transmitted.
- the extended packet header is placed at the beginning of the existing CSI-2 standard payload, and must always be sent in extended mode.
- the extended packet header is composed of setting information such as an SROI identification flag, extended VC (Virtual Channel), extended DataType, OePH selection flag, and OePF selection flag.
- the extended VC extends the VC, which was 4 bits in the existing CSI-2 standard, to 8 bits
- the extended DataType extends the DataType, which was 4 bits in the existing CSI-2 standard, to 8 bits. be.
- the VC of the existing packet header already exists with 4 bits, and by defining the extended VC of the extended packet header as 4 bits, the total can be 8 bits.
- OePH[7:0] ⁇ 5'h00,RSID,XY_POS,MC ⁇
- OePF[3:0] ⁇ 3'h0,pCRC ⁇
- ON/OFF of packet transmission can be controlled.
- the optional extension packet header and optional extension packet footer are selectively transmitted according to the application.
- the legacy payload corresponds to the same payload as the existing CSI-2 standard.
- the extended packet header, optional extended packet header, and optional extended packet footer As needed, it is possible to transmit data for various purposes.
- the data transmitted by the extended packet header, optional extended packet header, and optional extended packet footer shall be 26bit+6bit ECC (Error Correction Code).
- ECC Error Correction Code
- FIG. 4 shows a short packet (hereinafter referred to as D-PHY (referred to as an extended short packet for .NET) is shown.
- FIG. 5 shows the packet structure of a long packet (hereinafter referred to as an extended long packet for D-PHY) used in the extended mode of CSI-2 when the physical layer is D-PHY.
- This Short Packet Data Field is identical to that defined in the existing CSI-2 standard.
- MC MessageCount for GLD
- RSID vehicle line number and SourceID
- the extended short packet with the packet structure as shown in FIG. 4 can extend the data type and the bit width of the virtual channel compared to the extended short packet according to the existing CSI-2 standard.
- Various uses defined in the extended packet header can be supported. Also, if these functions are not required, an extended short packet conforming to the existing CSI-2 standard may be transmitted together with an extended long packet.
- the optional extended packet header, legacy payload, and optional extended packet footer are stored in the existing CSI-2 standard payload and transmitted.
- the existing SerDes transmission circuit 34 and SerDes reception circuit 35 (FIG. 2) recognize it in the same way as the image data transmitted with the existing payload, and the image data is transmitted as it is. It is transmitted to the later stage.
- the last-stage application processor 22 can determine the extension mode from the data type DT[5:0] of the packet header. Therefore, the application processor 22 can interpret the contents of the payload in order from the extension packet header and extract the desired extension mode data.
- FIG. 6 shows the overall packet structure of a packet used in the CSI-2 extension mode when the physical layer is C-PHY (hereinafter referred to as an extension packet for C-PHY).
- an extension packet for C-PHY shown in FIG. 6, the description of the configuration common to the extension packet for D-PHY in FIG. 3 is omitted, and the configuration different is described.
- extension packet for C-PHY similar to the extension packet for D-PHY in FIG. It is embedded in the payload and transmitted.
- the extended packet for C-PHY transmits the packet header twice in the same way as the packet for C-PHY conforming to the existing CSI-2 standard, and the C-PHY converts 16 bits into 7 symbols. Arrange the data in 16-bit units for convenience of conversion to .
- the extension packet header is placed at the beginning of the payload, but with respect to the virtual channel, in the case of C-PHY, the beginning of the existing packet header was reserved for that purpose, so the extension packet header has the virtual channel is not stored.
- the virtual channel may be stored in the extension packet header.
- a flag called OePHF is prepared, and if this flag is 1, the OePH/OePF information is transmitted next.
- a CRC is transmitted as an extended packet header, and similarly configured packet headers are repeatedly transmitted twice. In this way, by making the structure the same as the existing mechanism in which the packet header is transmitted twice, it is possible to achieve both circuit reusability and error tolerance.
- FIG. 7 shows a short packet (hereinafter referred to as C-PHY (referred to as an extended short packet for .NET) is shown.
- FIG. 8 shows a packet structure of a long packet (hereinafter referred to as an extended long packet for C-PHY) used in CSI-2 extended mode when the physical layer is C-PHY.
- the extended short packet for C-PHY shown in FIG. 7 is not significantly different in packet structure from the extended short packet for D-PHY shown in FIG. 4, and the extended long packet for C-PHY shown in FIG. , there is no significant difference in the packet structure from the extended long packet for D-PHY shown in FIG.
- FIG. 9 is a block diagram showing a configuration example of the image sensor 21 including the extended mode compatible CSI-2 transmission circuit 31. As shown in FIG.
- the image sensor 21 includes pixels 41, an AD converter 42, an image processing unit 43, a pixel CRC calculation unit 44, a physical layer processing unit 45, a CSI-2 transmission circuit 31 compatible with the extension mode, It comprises an I2C/I3C slave 46 and a register 47 .
- the extension mode compatible CSI-2 transmission circuit 31 includes a packing unit 51, a packet header generation unit 52, an extension packet header generation unit 53, an extension packet footer generation unit 54, selection units 55 and 56, a CRC calculation unit 57, and lane distribution. It comprises a unit 58 , a CCI slave 59 and a controller 60 .
- the pixel 41 outputs an analog pixel signal corresponding to the amount of light received, and an AD converter (ADC: Analog-to-Digital Converter) 42 converts the pixel signal output from the pixel 41 into a digital image. It is supplied to the processing section 43 .
- An image signal processor (ISP) 43 supplies image data obtained by performing various types of image processing on an image based on pixel signals to a pixel CRC calculator 44 and a packing unit 51 .
- the image processing unit 43 also supplies a data enable signal data_en indicating whether the image data is valid to the packing unit 51 and the controller 60 .
- the pixel CRC calculation unit 44 calculates and obtains the CRC for each pixel in the image data supplied from the image processing unit 43 and supplies the CRC to the extension packet footer generation unit 54 .
- the physical layer processing unit 45 can perform both C-PHY and D-PHY physical layer processing. For example, the physical layer processing unit 45 performs physical layer processing of the C-PHY when the C layer enable signal cphy_en supplied from the controller 60 is valid, and when the C layer enable signal cphy_en is invalid. Performs physical layer processing for D-PHY. The physical layer processing unit 45 then transmits the packets divided into four lanes by the lane distribution unit 58 to the application processor 22 .
- the I2C/I3C slave 46 communicates under the initiative of the I2C/I3C master 72 (FIG. 10) of the application processor 22 based on the I2C (Inter-Integrated Circuit) or I3C (Improved Inter-Integrated Circuits) standard.
- settings sent from the application processor 22 are written to the register 47 via the I2C/I3C slave 46 and the CCI slave 59.
- the settings written to the register 47 include, for example, communication settings according to the CSI-2 standard, extended mode settings indicating whether or not extended mode is used, and fixed communication settings required for communication in extended mode. and so on.
- the packing unit 51 performs packing processing to store the image data supplied from the image processing unit 43 in the payload of the packet, and supplies the payload to the selection unit 55 and the lane distribution unit 58 .
- the packet header generation unit 52 When the packet header generation unit 52 is instructed to generate a packet header according to the packet header generation instruction signal ph_go supplied from the controller 60 , the packet header generation unit 52 generates a packet header and supplies it to the selection unit 55 and the lane distribution unit 58 .
- the packet header generation unit 52 generates, according to the existing CSI-2 standard, setting information indicating conditions set for data transmitted in a packet, for example, a packet header storing a data type indicating a data type. .
- the packet header generation unit 52 uses an extension header in the unused area defined as unused in the existing CSI-2 standard in the data type, which is setting information indicating the type of data transmitted in the packet. It stores extended mode setting information indicating whether or not the extended mode is the extended mode.
- the packet header generation unit 52 stores extension type setting information indicating which type of extension mode is one of a plurality of types of extension modes prepared as the extension mode in the unused area.
- the extended packet header generator 53 generates an extended packet header and an optional extended packet header according to an extended packet header generation instruction signal eph_go and an extended packet header enable signal ePH_en supplied from the controller 60, and selects a selector 56 and a lane distributor. 58. Further, the extension packet header generation unit 53 is supplied with a vehicle line number, a source ID (identification), etc. according to the application of the image sensor 21, and if necessary, these are supplied as extension packet headers or optional extension packet headers. stored in
- the extended packet header generating unit 53 generates, for example, an extended packet header storing setting information as shown in FIG. 3, separately from the packet header generated by the packet header generating unit 52. Further, when transmitting the optional extension packet header, the extension packet header generation unit 53 generates the optional extension packet header setting information (OePH[7:0]) indicating whether or not to transmit the optional extension packet header. Optional extension packet header setting information indicating that the header is to be transmitted is stored in the extension packet header, and an optional extension packet header is generated following the extension packet header.
- the extended packet footer generator 54 generates an optional extended packet footer according to the extended packet footer generation instruction signal epf_go and the extended packet header enable signal ePF_en supplied from the controller 60 and supplies it to the selector 56 and the lane distributor 58 .
- the extended packet footer generation unit 54 when the packet transmitted in the extended mode is an extended long packet that stores data transmitted as a payload in the existing CSI-2 standard, the extended packet footer generation unit 54 generates a legacy payload in which data is stored. Generates an optional extension packet footer that follows the .
- a layer C enable signal cphy_en is supplied from the controller 60 to the packet header generator 52 , the extended packet header generator 53 , and the extended packet footer generator 54 . Then, when the C layer enable signal cphy_en indicates valid, the packet header generation unit 52 generates a packet header for C-PHY, and the extension packet header generation unit 53 generates an extension packet header for C-PHY and optional extensions. A packet header is generated, and an extended packet footer generator 54 generates an optional extended packet footer for C-PHY. On the other hand, when the C-layer enable signal cphy_en indicates invalidity, the packet header generator 52 generates a packet header for D-PHY, and the extended packet header generator 53 generates an extended packet header for D-PHY and optional extensions. A packet header is generated, and an extended packet footer generator 54 generates an optional extended packet footer for D-PHY.
- the selection unit 55 selects the packet header supplied from the packet header generation unit 52 according to the C layer enable signal cphy_en supplied from the controller 60 when the C layer enable signal cphy_en is valid, and supplies the selected packet header to the selection unit 56 . .
- the selection unit 55 selects the payload supplied from the packing unit 51 and supplies it to the selection unit 56 .
- the selection unit 56 selects the packet header or payload selectively supplied via the selection unit 55, the extension packet header supplied from the extension packet header generation unit 53, and the optional extension according to the data selection signal data_sel supplied from the controller 60.
- One of the packet header and the optional extended packet footer supplied from the extended packet footer generator 54 is selected and supplied to the CRC calculator 57 .
- the CRC calculation unit 57 calculates and obtains the CRC of the packet header, payload, extended packet header, optional extended packet header, or optional extended packet footer selectively supplied via the selection unit 56, and distributes the CRC to lanes. 58.
- the lane distribution unit 58 distributes the payload supplied from the packing unit 51, the packet header supplied from the packet header generation unit 52, the extension packet header supplied from the extension packet header generation unit 53, and the optional extension packet.
- the header, the optional extended packet footer supplied from the extended packet footer generation unit 54, and the CRC supplied from the CRC calculation unit 57 are distributed to four lanes according to the CSI-2 standard, and the physical layer processing unit 45 supply to
- the CCI (Camera Control Interface) slave 59 communicates under the initiative of the CCI master 88 (Fig. 10) of the application processor 22 based on the CSI-2 standard.
- the controller 60 reads out various settings stored in the register 47 and controls each block that configures the extended mode compatible CSI-2 transmission circuit 31 according to these settings. For example, the controller 60 controls switching between transmission of packets having a packet structure conforming to the existing CSI-2 standard and transmission of packets having a packet structure in the extended mode according to the content of data to be transmitted.
- the image sensor 21 is configured in this way, and can generate an extension packet having a packet structure as described with reference to FIGS.
- FIG. 10 is a block diagram showing a configuration example of the application processor 22 including the extended mode compatible CSI-2 receiver circuit 32. As shown in FIG.
- the application processor 22 includes a physical layer processing unit 71, an I2C/I3C master 72, a register 73, and a controller 74 in addition to the CSI-2 receiver circuit 32 compatible with the extended mode.
- the extended mode compatible CSI-2 receiver circuit 32 includes a packet header detector 81, a lane merger 82, an interpreter 83, selectors 84 and 85, a CRC calculator 86, an unpacker 87, and a CCI master 88. configured with.
- the physical layer processing unit 71 is capable of executing both C-PHY and D-PHY physical layer processing. As described above, the physical layer processing unit 45 of the image sensor 21 performs either one of C-PHY and D-PHY physical layer processing. perform the same physical layer processing as performed in .
- the I2C/I3C master 72 leads communication with the I2C/I3C slave 46 (FIG. 9) of the image sensor 21 based on the I2C or I3C standard.
- the controller 74 controls each block that configures the application processor 22 .
- the packet header detection unit 81 detects the packet header from the packet supplied from the physical layer processing unit 71, and confirms the data type stored in the packet header.
- the packet header detection unit 81 detects the extended mode detection flag indicating the extended mode. is supplied to the interpreter 83 , the selector 84 and the selector 85 .
- the packet header detection unit 81 also supplies the lane merging unit 82 with a merge enable signal mrg_en indicating whether to enable merging of the divided four lanes.
- the packet header detection unit 81 detects packet headers in which setting information (data type, etc.) indicating conditions set for data transmitted in packets is stored according to the existing CSI-2 standard. At this time, the packet header detection unit 81 detects that the data type, which is setting information indicating the type of data transmitted in the packet, is stored in an unused area defined as unused in the existing CSI-2 standard. , by outputting an extension mode detection flag according to the extension mode setting information indicating whether the extension mode is an extension mode using an extension header, reception of a packet with a packet structure conforming to the existing CSI-2 standard and extension mode Allows switching between receiving and receiving packets in a packet structure at the time. Further, the packet header detection unit 81 detects a plurality of types prepared as extended modes according to the extended mode type information stored in the unused area of the data type defined as unused in the existing CSI-2 standard. Recognize which type of extended mode it is.
- the lane merging unit 82 merges the packets divided into 4 lanes supplied from the physical layer processing unit 71 .
- the lane merging unit 82 then supplies the packet of one lane to the interpreting unit 83 , the selecting unit 84 , and the selecting unit 85 .
- the interpreter 83 extracts from the packet supplied from the lane merging unit 82 based on the extended mode packet structure. , Extended Packet Header, Optional Extended Packet Header, and Optional Extended Packet Footer. The interpretation unit 83 then interprets the setting information stored in the extension packet header, optional extension packet header, and optional extension packet footer.
- the interpreting unit 83 receives, as an extension header, an extension packet header arranged at the beginning of the payload according to the existing CSI-2 standard, and interprets the setting information stored in the extension packet header. Further, if the optional extension packet header setting information stored in the extension packet header indicates that an optional extension packet header that is selectively transmitted according to the application is to be transmitted, the interpretation unit 83 receive the optional extension packet header, and interpret the setting information stored in the optional extension packet header. Furthermore, if the packet transmitted in the extended mode is an extended long packet that stores data transmitted as a payload in the existing CSI-2 standard, the interpreter 83 follows the legacy payload in which the data is stored. Receive an optional extension packet footer to be placed and interpret the optional extension packet footer.
- the interpreting unit 83 reads, for example, the in-vehicle line number and source ID stored in the optional extension packet header, and outputs them to the subsequent LSI (not shown).
- the interpreter 83 stops without performing the processing described above.
- the selection unit 84 selectively supplies data to the unpacking unit 87 according to the extension mode detection flag supplied from the packet header detection unit 81 and based on the packet structure of the existing packet or the packet structure of the extension packet.
- the selection unit 85 selectively supplies data to the CRC calculation unit 86 according to the extension mode detection flag supplied from the packet header detection unit 81 and based on the packet structure of the existing packet or the packet structure of the extension packet.
- the CRC calculator 86 calculates the CRC of the packet header, payload, extended packet header, optional extended packet header, or optional extended packet footer selectively supplied via the selector 85 . Then, when a CRC error is detected, the CRC calculator 86 outputs a crcCRC error detection signal indicating the fact to the subsequent LSI (not shown).
- the unpacking unit 87 performs unpacking processing to extract the image data stored in the payload selectively supplied via the selection unit 84, and outputs the acquired image data to the subsequent LSI (not shown). .
- the CCI master 88 leads communication with the CCI slave 59 (Fig. 9) of the image sensor 21 based on the CSI-2 standard.
- the application processor 22 is configured as described above, receives the extension packet transmitted from the image sensor 21, and interprets the setting information stored in the extension packet header, the optional extension packet header, and the optional extension packet footer. to obtain the image data.
- FIG. 11 is a flowchart for explaining the process of transmitting packets by the image sensor 21.
- step S ⁇ b>11 the controller 60 determines whether or not to use the extension mode when starting communication with the application processor 22 . For example, controller 60 checks the extended mode setting stored in register 47 and determines to use extended mode if application processor 22 has written an extended mode setting indicating that extended mode is to be used.
- step S11 if the controller 60 determines not to use the extended mode, the process proceeds to step S12.
- the I2C/I3C slave 46 receives an image data transmission start command transmitted from the application processor 22 (at step S54 in FIG. 13, which will be described later). Furthermore, the I2C/I3C slave 46 receives the communication setting according to the CSI-2 standard transmitted together with the transmission start instruction, and writes it to the register 47 via the CCI slave 59 .
- step S13 the image sensor 21 executes conventional packet transmission processing for transmitting a packet having a packet structure conforming to the existing CSI-2 standard to the application processor 22 based on the communication settings stored in the register 47. be done.
- step S11 determines in step S11 to use the extension mode
- the process proceeds to step S14.
- step S14 the I2C/I3C slave 46 receives fixed communication settings required for communication in extended mode (for example, a copy of PH/PF for each lane during GLD), and via the CCI slave 59, write to register 47.
- fixed communication settings required for communication in extended mode for example, a copy of PH/PF for each lane during GLD
- the I2C/I3C slave 46 receives an image data transmission start command transmitted from the application processor 22 (at step S57 in FIG. 13, which will be described later). Furthermore, the I2C/I3C slave 46 receives the communication setting according to the CSI-2 standard transmitted together with the transmission start instruction, and writes it to the register 47 via the CCI slave 59 .
- step S16 the controller 60 determines whether or not to start packet transmission, and waits until it determines to start packet transmission.
- step S16 if it is determined to start packet transmission, the process proceeds to step S17, and the controller 60 determines whether or not the data should be transmitted in the extended mode.
- the controller 60 determines that the data should be transmitted in the extended mode according to the content of the data to be transmitted, for example, if the data is transmitted in a use case of an application example described later. do.
- step S17 determines in step S17 that the data should be transmitted in the extended mode
- step S18 in which extended mode transmission processing (see FIG. 12) for transmitting an extended packet corresponding to the extended mode is performed.
- step S17 determines in step S17 that the data should not be transmitted in the extended mode. If the controller 60 determines in step S17 that the data should not be transmitted in the extended mode, the process proceeds to step S19.
- step S19 the controller 60 determines whether or not to transmit a short packet. For example, the controller 60 determines to transmit short packets at the start and end of a frame.
- step S19 determines in step S19 to transmit a short packet
- the process proceeds to step S20.
- step S ⁇ b>20 the packet header generator 52 generates a packet header and transmits a short packet having a conventional packet structure to the application processor 22 .
- step S19 the controller 60 determines in step S19 not to transmit a short packet (that is, to transmit a long packet)
- the process proceeds to step S21.
- step S 21 the packing unit 51 stores the image data in the payload, and the CRC calculation unit 57 obtains the CRC to generate a long packet with a conventional packet structure and transmit it to the application processor 22 .
- step S18 After the process of step S18, step S20, or step S21, the process proceeds to step S22, and the controller 60 ends the packet transmission process. After that, the process returns to step S16, and the process of transmitting the next packet is repeated in the same manner.
- FIG. 12 is a flowchart for explaining the extension mode transmission process performed in the process of step S18 of FIG.
- step S ⁇ b>31 the packet header generation unit 52 generates a packet header containing VC, data type, WC, etc., and transmits it to the application processor 22 .
- step S32 the application processor 22 determines whether or not to transmit an extended short packet. For example, the controller 60 determines to transmit extended short packets at the start and end of a frame.
- step S32 determines in step S32 to transmit an extended short packet. If the application processor 22 determines in step S32 to transmit an extended short packet, the process proceeds to step S33.
- step S33 the extended packet header generation unit 53 transmits an extended packet header with the data type (DataType[7:0]) set to short packet at the first byte of the payload.
- the extended packet header generator 53 performs various settings (for example, OePH[7:0], OePF[3:0], etc.) stored in the extended packet header.
- step S34 the extended packet header generator 53 stores the frame number (FN: FrameNumber) in the second byte of the payload and transmits it.
- step S35 the extension packet header generation unit 53 generates and transmits an optional extension packet header as shown in FIG. 4 according to the setting (OePH[7:0]) made in step S33.
- step S36 the CRC calculator 57 obtains the CRC and transmits it as a packet footer.
- step S32 determines in step S32 not to transmit the extended short packet (that is, to transmit the long packet). the process proceeds to step S37.
- step S37 the extended packet header generation unit 53 transmits an extended packet header in which the data type (DataType[7:0]) is set to other than short packet at the first byte of the payload.
- the extended packet header generator 53 performs various settings (for example, OePH[7:0], OePF[3:0], etc.) stored in the extended packet header.
- step S38 the extension packet header generation unit 53 generates and transmits an optional extension packet header as shown in FIG. 5 according to the setting (OePH[7:0]) made in step S37.
- step S39 the packing unit 51 packs the image data supplied from the image processing unit 43, generates a legacy payload, and transmits it.
- step S40 the extension packet footer generation unit 54 generates and transmits an optional extension packet footer as shown in FIG. 4 according to the setting (OePF[3:0]) made in step S37.
- step S41 the CRC calculation unit 57 obtains a CRC and transmits it as a packet footer.
- step S36 or S41 the extended mode transmission process is terminated.
- the image sensor 21 can generate and transmit extended short packets or extended long packets.
- FIG. 13 is a flow chart explaining the processing for the application processor 22 to receive packets.
- the process starts when the image sensor 21 is connected to the application processor 22 via the bus 23 .
- the controller 74 writes the initial settings of the image sensor 21 (for example, whether to use C-PHY or D-PHY as the physical layer) to the register 73, It is transmitted to the image sensor 21 by the master 72 . This writes the initial settings to the register 47 of the image sensor 21 .
- step S52 the controller 74 recognizes whether or not the image sensor 21 supports extended mode. For example, the controller 74 acquires a set value (for example, extended PH/PF compatible capability) stored in the register 47 of the image sensor 21 by the I2C/I3C master 72, thereby making the image sensor 21 compatible with the extended mode. It is possible to recognize whether or not Alternatively, the controller 74 can recognize in advance whether the image sensor 21 is compatible with the extension mode, for example, based on manual input.
- a set value for example, extended PH/PF compatible capability
- step S53 the controller 74 determines whether the image sensor 21 supports extended mode and whether the application executed by the application processor 22 requests use of the extended mode.
- step S53 determines in step S53 that the image sensor 21 does not support the extended mode or that the use of the extended mode is not required, the process proceeds to step S54.
- step S54 the controller 74 sends an image data transmission start command to the image sensor 21 by the I2C/I3C master 72. At this time, the controller 74 also causes the communication settings according to the CSI-2 standard to be transmitted.
- step S55 the application processor 22 performs conventional packet reception processing for receiving packets having a packet structure conforming to the existing CSI-2 standard, based on the communication settings transmitted in step S54.
- step S53 determines in step S53 that the image sensor 21 is compatible with the extended mode and that the application executed by the application processor 22 requests the use of the extended mode
- the process proceeds to step S56. proceed to
- step S56 the I2C/I3C master 72 transmits fixed communication settings required for communication in extended mode before communication in extended mode is started. As a result, the fixed communication settings are written to the register 47 of the image sensor 21 (step S14 in FIG. 11).
- step S57 the controller 74 transmits an image data transmission start command to the image sensor 21 by the I2C/I3C master 72. At this time, the controller 74 also causes the communication settings according to the CSI-2 standard to be transmitted.
- step S58 the packet header detection unit 81 checks the data supplied from the physical layer processing unit 71 to determine whether or not packet reception has started. wait for For example, when the packet header detector 81 detects the packet header from the data supplied from the physical layer processor 71, it determines that packet reception has started.
- step S58 If the packet header detector 81 determines in step S58 that packet reception has started, the process proceeds to step S59.
- step S59 if the packet header detector 81 determines that the packet for which reception has started is an extension packet, the process proceeds to step S60, and extension mode reception processing (see FIG. 14) for receiving the extension packet is performed. .
- step S59 determines in step S59 that the packet that has started receiving is not an extension packet, the process proceeds to step S61.
- step S61 the packet header detection unit 81 checks the data type (DataType[5:0]) of the packet header detected in step S58, and determines whether or not the packet that has started receiving is a short packet. .
- step S61 if the packet header detection unit 81 determines that the packet that has started to be received is a short packet, the process proceeds to step S62.
- step S ⁇ b>62 the packet header detector 81 receives a short packet having a conventional packet structure transmitted from the image sensor 21 .
- step S61 the process proceeds to step S63.
- the unpacking unit 87 receives the payload of the long packet of the conventional packet structure transmitted from the image sensor 21, extracts the image data, and the CRC calculation unit 86 extracts the image data following the packet header. Receive the coming WC+1 byte as CRC.
- step S60 After the process of step S60, step S62, or step S63, the process proceeds to step S64, and the controller 74 ends the packet reception process. After that, the process returns to step S58, and the process of receiving the next packet is repeated in the same manner.
- FIG. 14 is a flow chart explaining the extension mode reception process performed in the process of step S60 of FIG.
- step S71 when the packet header detection unit 81 determines that the mode setting of the extension mode is extension mode 0, the process proceeds to step S72.
- step S72 the interpretation unit 83 receives the first byte of the payload as an extension packet header.
- step S73 the interpreting unit 83 checks the data type (DataType[7:0]) of the extension packet header received in step S72, and determines whether or not the packet whose reception has started is an extension short packet. .
- step S73 when the interpretation unit 83 determines that the packet is an extended short packet, the process proceeds to step S74.
- the interpretation unit 83 receives the optional extension packet header according to the setting (OePH[7:0]) stored in the extension packet header received in step S72.
- step S75 the CRC calculation unit 86 receives the WC+1-th byte transmitted following the optional extension packet header as a CRC.
- step S73 determines in step S73 that the packet is not an extended short packet (that is, reception of an extended long packet has started)
- the process proceeds to step S76.
- step S76 the interpretation unit 83 receives the optional extension packet header according to the setting (OePH[7:0]) stored in the extension packet header received in step S72.
- step S77 the unpacking unit 87 receives the legacy payload of the extended long packet transmitted from the image sensor 21 and extracts the image data.
- step S78 the interpretation unit 83 receives the optional extension packet footer according to the setting (OePF[3:0]) stored in the extension packet header received in step S72.
- step S79 the CRC calculation unit 86 receives the WC+1-th byte transmitted following the optional extension packet footer as a CRC.
- step S71 determines whether the mode setting of the extended mode is not extended mode 0 or after the process of step S79.
- the application processor 22 can receive extended short packets or extended long packets and acquire data.
- the packet header and packet footer are the same as those of the existing CSI-2 standard, with emphasis on maintaining compatibility with the existing CSI-2 standard.
- the packet structure is expanded with an extended packet header, an optional extended packet header, and an optional extended packet footer.
- the packet header and packet footer are different from those of the existing CSI-2 standard, and the extended packet header and extended packet footer are used to extend the packet structure.
- FIG. 15 shows the packet structure of a short packet (hereafter, extended short packet for D-PHY) used in CSI-2 extended mode when the physical layer is D-PHY.
- a short packet hereafter, extended short packet for D-PHY
- the extended short packet for D-PHY shown in FIG. 15 is stored in the same packet header as the existing CSI-2 standard, like the extended short packet for D-PHY of the first structural example shown in FIG.
- the extended mode is identified by the data type used.
- a frame number is added to the short packet data field in the next 16 bits of the data type of the packet header, just like the short packet conforming to the existing CSI-2 standard. is stored.
- an extended packet header configured similarly to the extended packet header shown in FIG. 4 is transmitted.
- the application processor 22 on the receiving side interprets the data type stored in the extended packet header, and if it is an extended short packet, determines that the frame number is stored in the data field of the packet header. can do.
- the optional extension packet header in the extension short packet for D-PHY shown in FIG. 15 is configured in the same manner as the optional extension packet header in the extension short packet for D-PHY of the first structural example shown in FIG. be. However, since the optional extension packet header has a packet structure that is not embedded in the payload, there is no need to add a CRC at the end.
- FIG. 16 shows the packet structure of a long packet (hereinafter, extended long packet for D-PHY) used in CSI-2 extended mode when the physical layer is D-PHY.
- extended long packet for D-PHY a long packet used in CSI-2 extended mode when the physical layer is D-PHY.
- the extended data is not embedded in the payload and is transmitted as part of the packet header or packet footer. Therefore, WC in the top packet header indicates the byte length of the payload as in the existing standard.
- FIG. 17 shows the packet structure of a short packet (hereinafter, extended short packet for C-PHY) used in CSI-2 extended mode when the physical layer is C-PHY.
- extended short packet for C-PHY a short packet used in CSI-2 extended mode when the physical layer is C-PHY.
- the extension part of the extension short packet for C-PHY shown in FIG. 17 is transmitted as an extension of the packet header according to the existing CSI-2 standard, the extension part such as the extension packet header is inserted after the frame number. be. And, like the existing CSI-2 standard, the packet header ends with a CRC. Furthermore, the packet structure in which these are transmitted twice with SYNC interposed is the same as the short packet according to the existing CSI-2 standard.
- FIG. 18 shows the packet structure of a long packet (hereinafter, extended long packet for C-PHY) used in CSI-2 extended mode when the physical layer is C-PHY.
- extended long packet for C-PHY a long packet used in CSI-2 extended mode when the physical layer is C-PHY.
- the WC at the top of the packet header indicates the byte length of the payload, as in the existing standard. There is a difference from the extended long packet for C-PHY in the structural example.
- the extension packet of the second structural example has a packet structure in which the existing packet header and footer are extended without embedding the extension data in the existing payload. Therefore, when adopting the packet structure of the extension packet of the second structure example, compared with the case of adopting the packet structure of the extension packet of the first structure example, the conventionally used communication system It is not possible to minimize the impact that would require change. That is, for example, the existing SerDes transmission circuit 34 requires modification to the SerDes reception circuit 35 (FIG. 2).
- extension packet of the first structural example it is possible to deal with various applications such as in-vehicle use, and at the same time, it is possible to change the conventionally used communication system.
- An in-vehicle system can be constructed with minimal impact.
- extension packet of the second structural example although it is necessary to change the conventionally used communication system, it is possible to support various applications such as in-vehicle use.
- Each block constituting the image sensor 21 in FIG. 9 and the application processor 22 in FIG. 10 described above is configured to be able to process both D-PHY and C-PHY packets.
- both a block dedicated to processing D-PHY packets and a block dedicated to processing C-PHY packets may be provided, and the processing may be switched between them. .
- the D-layer processing block unit 101 has a block that exclusively processes D-PHY packets among the blocks that make up the image sensor 21 in FIG.
- the C-layer processing block unit 102 has a block exclusively for processing C-PHY packets among the blocks constituting the image sensor 21 in FIG.
- the switching unit 103 Under the control of the controller 60, the switching unit 103 outputs D-PHY packets generated in the D layer processing block unit 101 when D-PHY is used for the physical layer, and switches C-PHY to the physical layer. When used, switching is performed so that the C-PHY packet generated in the C-layer processing block unit 102 is output.
- the switching unit 111 performs switching so that packets transmitted from the image sensor 21A are supplied to one of the D-layer processing block unit 112 and the C-layer processing block unit 113 under the control of the controller 74 .
- the D-layer processing block unit 112 has a block that exclusively processes D-PHY packets among the blocks constituting the application processor 22 in FIG.
- the C-layer processing block unit 113 has a block dedicated to processing C-PHY packets among the blocks constituting the application processor 22 in FIG.
- the physical layer to be used can be set between the controller 60 and the controller 74 before starting communication. Then, for example, when D-PHY is used for the physical layer, a D-PHY packet generated in the D layer processing block unit 101 is transmitted via the switching unit 103, and is transmitted via the switching unit 111 to D-PHY. It is supplied to the layer processing block unit 112 and processed. Further, for example, when C-PHY is used for the physical layer, a C-PHY packet generated in the C layer processing block unit 102 is transmitted via the switching unit 103, and is transmitted via the switching unit 111 to C-PHY. It is supplied to the layer processing block unit 113 and processed.
- extension packets are being considered for use cases such as transmitting higher-definition images (RAW24).
- RAW6, RAW7, RAW8, RAW10, RAW12, RAW14, RAW16, and RAW20 are defined as data types stored in the packet header according to the existing CSI-2 standard.
- RAW24 with higher definition as the data type of the extension packet header.
- extension packets are being considered for application to SmartROI, a technology that transmits only the image area of interest on the screen.
- an extension packet for example, it is possible to transmit coordinate data of 16 bits or more for each of the X and Y coordinates.
- GLD is a proposal under consideration in CSI-2 ver3.0.
- the in-vehicle camera interface has at least a disconnection detection function, and indicates the line number (16 bits) that indicates what line the information is on the screen, SourceID (8 bits) that indicates which camera sent it, and the transmission number. Information such as message counter (16bit) is required. Furthermore, when used in combination with SROI as described above, it is conceivable that these pieces of information are transmitted in units of frames.
- extension packets it is possible to transmit this information.
- the image sensor 21 and the application processor 22 have different interfaces, it is necessary to convert packets on the transmission path. . That is, when the physical layer of the image sensor 21 is D-PHY and the physical layer of the application processor 22 is C-PHY, for example, in the SerDes device 26, packets for D-PHY are transferred to C-PHY. need to convert.
- FIG. 20 is a block diagram showing a configuration example of a communication system 201 adapted to E2E protection as a third embodiment of a communication system to which this technology is applied.
- the communication system 201 is configured by connecting an image sensor 211, a SerDes device 212, a SerDes device 213, and an application processor 214.
- FIG. 20 describes the case where the SERDES is A-PHY as an example, it also includes the case of connection using other SERDES standards such as FPD-LINK3.
- the SERDES standard communication may be performed based on the SERDES standard while maintaining the CIS-2 format (at least Application Specific payload).
- the physical layer processing units 237 and 247 may include a plurality of other SERDES standard physical layer processing units in addition to A-PHY, and the physical layer processing units can be switched according to the application. can.
- the image sensor 211 includes an extended mode compatible CSI-2 transmission circuit 221, a physical layer processing unit (hereinafter referred to as a C/D-PHY physical layer processing unit) 222 compatible with C-PHY and/or D-PHY, It has at least a slave (hereinafter referred to as an I2C/I3C slave) 223 compatible with I2C or I3C, or both, and a CCI slave 224 .
- a C/D-PHY physical layer processing unit hereinafter referred to as a C/D-PHY physical layer processing unit
- I2C/I3C slave a slave 223 compatible with I2C or I3C, or both
- the SerDes device 212 includes a CSI-2 receiving circuit 231, a C/D-PHY physical layer processing unit 232, an I2C/I3C master 233, a CCI master 234, a CSI-2 A-PHY packet generation unit 235, a CCI A-PHY It has at least a packet transmission/reception unit 236 and a physical layer processing unit 237 compatible with A-PHY.
- the SerDes device 212 converts packets for C-PHY or D-PHY into packets for A-PHY, and this conversion is determined based on register settings and the like.
- the SerDes device 213 includes a CSI-2 transmission circuit 241, a C/D-PHY physical layer processing unit 242, an I2C/I3C slave 243, a CCI slave 244, an A-PHY packet reception unit 245 for CSI-2, an A-PHY for CCI It has at least a packet transmission/reception unit 246 and a physical layer processing unit 247 compatible with A-PHY.
- the SerDes device 213 converts packets for A-PHY into packets for C-PHY or D-PHY, and this conversion is determined based on register settings and the like.
- the application processor 214 has at least an extended mode compatible CSI-2 receiver circuit 251 , a C/D-PHY physical layer processing unit 252 , an I2C/I3C master 253 and a CCI master 254 .
- the communication system 201 is configured in this manner, and an extension packet having the structure described above is transmitted from the image sensor 211 and received by the application processor 214 .
- an extension packet having the structure described above is transmitted from the image sensor 211 and received by the application processor 214 .
- the communication system 201 is configured such that the physical layer processing unit 222 of the image sensor 211 supports D-PHY and the physical layer processing unit 252 of the application processor 22 supports C-PHY, E2E protection must be ensured not to be violated.
- the communication system 201 limits the protection scope of E2E protection to Application Specific payload (hereinafter referred to as AS payload), which is a payload specific to an application, so that it can adapt to E2E protection. That is, the AS payload is used when converting A-PHY packets to C-PHY or D-PHY packets, or when converting C-PHY or D-PHY packets to A-PHY packets. No changes are allowed during conversion.
- AS payload Application Specific payload
- Fig. 21 shows an example structure of an extended packet for D-PHY that has been extended to support E2E protection.
- the AS payload consisting of extended packet header (ePH), packet data, and extended packet footer (ePF) is limited as the protection scope of E2E protection.
- the extended packet header contains the predetermined information that is required when the scope of E2E protection is limited to the AS payload.
- a packet count PC Packet Count
- the packet data has the number of bytes determined by the packet count PC.
- a virtual channel VC Virtual Channel indicating the number of virtual channels is copied to the existing packet header.
- FIG. 22 shows an example structure of an extended packet for C-PHY that has been extended to support E2E protection.
- the extension packet for C-PHY like the extension packet for D-PHY, has an AS payload consisting of an extension packet header (ePH), packet data, and an extension packet footer (ePF) for E2E protection. limited as the scope of protection of Then, in the extension packet header, the packet count PC and virtual channel VC are described as predetermined information required when the scope of E2E protection is limited to the AS payload, similar to the extension packet for D-PHY. .
- ePH extension packet header
- ePF extension packet footer
- Fig. 23 shows an example structure of an extended packet for A-PHY extended to support E2E protection.
- the AS payload consisting of extended packet header (ePH), packet data, and extended packet footer (ePF) is limited as the protection scope of E2E protection.
- the communication system 201 converts the D-PHY or C-PHY extension packet transmitted from the image sensor 211 to the SerDes device 212 into the A-PHY extension packet is generated. Therefore, the packet count PC and virtual channel VC are already described in the extension packet header of the extension packet for A-PHY.
- the communication system 201 can avoid modification of the AS payload on the transmission path and comply with E2E protection.
- the packet structures shown in FIGS. 21 to 23 can be used by partially replacing the corresponding packets of the packet structures shown in FIGS. 3 to 8 and FIGS. 15 to 18. part is replaced.
- FIG. 24 is a flowchart for explaining packet transmission/reception processing adapted to E2E protection.
- processing is started when data to be stored in packet data (for example, image data) is supplied to the extended mode compatible CSI-2 transmission circuit 221 .
- the extended mode compatible CSI-2 transmission circuit 221 stores the supplied data in packet data.
- the extended mode compatible CSI-2 transmission circuit 221 generates an extended packet header describing the virtual channel VC and the packet count PC as shown in FIG. 21 or FIG. 22 above.
- the extension mode compatible CSI-2 transmission circuit 221 adds an extension packet header and an extension packet footer to the packet data to generate an AS payload.
- step S102 the extension mode compatible CSI-2 transmission circuit 221 generates a C-PHY or D-PHY packet header and a C-PHY or D-PHY packet for the AS payload generated in step S101. By adding a footer, an extension packet for C-PHY or D-PHY is generated. Then, the extension mode compatible CSI-2 transmission circuit 221 transmits extension packets for C-PHY or D-PHY to the SerDes device 212 via the C/D-PHY physical layer processing unit 222 .
- step S103 in the SerDes device 212, the CSI-2 receiving circuit 231 receives data for C-PHY or D-PHY transmitted from the image sensor 211 in step S102 via the C/D-PHY physical layer processing unit 232. receive extension packets for Then, the CSI-2 receiving circuit 231 acquires the AS payload from which the packet header and the packet footer are removed from the received extension packet, and supplies the AS payload as it is to the CSI-2 A-PHY packet generator 235 .
- step S104 in the SerDes device 212, the A-PHY packet generator 235 for CSI-2 generates an A-PHY packet header and an A-PHY packet header for the AS payload supplied from the CSI-2 receiver circuit 231.
- a packet footer is added to generate an extension packet for A-PHY.
- the CSI-2 A-PHY packet generation unit 235 transmits the extension packet for A-PHY to the SerDes device 213 via the physical layer processing unit 237 corresponding to A-PHY.
- step S105 in the SerDes device 213, the A-PHY packet reception unit 245 for CSI-2 receives the A-PHY packet transmitted from the SerDes device 212 in step S104 via the physical layer processing unit 247 supporting A-PHY. Receive extension packet for PHY. Then, the CSI-2 A-PHY packet receiving unit 245 acquires the AS payload from the received extension packet with the packet header and packet footer removed, and supplies the AS payload to the CSI-2 transmission circuit 241 as it is.
- step S106 the CSI-2 transmission circuit 241 receives the C-PHY or D-PHY packet header and the C - By adding a packet footer for PHY or D-PHY, an extension packet for C-PHY or D-PHY is generated. The CSI-2 transmission circuit 241 then transmits the extension packet for C-PHY or D-PHY to the application processor 214 via the C/D-PHY physical layer processing unit 242 .
- step S107 in the application processor 214, the extension mode compatible CSI-2 receiving circuit 251 is for the C-PHY or Receive extension packets for D-PHY. Then, the extension mode compatible CSI-2 receiving circuit 251 acquires the AS payload from the received extension packet, excluding the packet header and packet footer, and transmits various data stored in the packet data of the AS payload to the subsequent stage. Output to LSI (not shown). After that, the packet transmission/reception processing adapted to E2E protection ends, and the same processing is repeatedly performed for the next extended packet.
- the communication system 201 can transmit and receive extended packets without altering the AS payload on the transmission path by executing packet transmission and reception processing adapted to E2E protection.
- packet transmission and reception processing adapted to E2E protection.
- the physical layer of the image sensor 211 is D-PHY and the physical layer of the application processor 214 is C-PHY, that is, even if the respective interfaces are different. can also adhere to E2E protection.
- FIG. 25 is a block diagram showing a detailed configuration example of the image sensor 211. As shown in FIG. In the image sensor 211 shown in FIG. 25, the same reference numerals are assigned to the components common to the image sensor 21 shown in FIG. 9, and detailed description thereof will be omitted.
- the image sensor 211 includes pixels 41, an AD converter 42, an image processing unit 43, a register 47, and a controller 60, similar to the image sensor 21 in FIG.
- An I2C/I3C slave 223 and a CCI slave 224 included in the image sensor 211 correspond to the I2C/I3C slave 46 and CCI slave 59 in FIG. 9, respectively.
- the image sensor 211 includes an extension mode compatible CSI-2 transmission circuit 221 and a physical layer processing unit 222.
- the physical layer processing unit 222 is compatible with A-PHY, C-PHY, and D-PHY. there is
- the extension mode compatible CSI-2 transmission circuit 221 includes the controller 60 and the CCI slave 224, as well as an AS payload generator 301, a selector 302, an A-PHY packet generator 303, a C-PHY packet generator 304, a D-PHY packet generator. It comprises a unit 305 and a selector 306 .
- the AS payload generation unit 301 generates an AS payload limited as the protection scope of E2E protection and outputs it to the selector 302.
- AS payload generator 301 has packing section 311 , extended packet header generator 312 , and extended packet footer generator 313 .
- the packing unit 311 packs image data supplied from the image processing unit 43 as data to be transmitted, and generates packet data of the number of bytes determined by the packet count PC.
- the controller 60 can control the number of bytes of packet data generated by the packing unit 311 according to the set value (for example, image size) stored in the register 47 .
- the extended packet header generation unit 312 generates an extended packet header describing the packet count PC and the virtual channel VC and adds it to the packet data, as described with reference to FIGS. 21 to 23, for example.
- the extended packet footer generator 313 generates an extended packet footer and adds it to the packet data.
- Selector 302 selects A-PHY packet generator 303, C-PHY packet generator 304, and D-PHY packet generator 303, C-PHY packet generator 304, and D-PHY packet generator 303, which are provided in parallel, as output destinations of the AS payload supplied from AS payload generator 301, under the control of controller 60.
- One of the packet generators 305 is selected.
- the A-PHY packet generator 303 generates an extension packet for A-PHY from the AS payload supplied via the selector 302 and outputs it to the selector 306 .
- the A-PHY packet generator 303 has an AAL generator 321 , an A-PHY packet header generator 322 , and an A-PHY packet footer generator 323 .
- the AAL (A-PHY Adaptation Layer) generation unit 321 divides the AS payload generated by the AS payload generation unit 301 into 380-byte units in layers called adaptation layers. Then, the A-PHY packet header generation unit 322 adds the A-PHY packet header to the divided AS payload, and the A-PHY packet footer generation unit 323 adds the A-PHY packet footer. Append.
- AAL A-PHY Adaptation Layer
- the C-PHY packet generator 304 generates an extension packet for C-PHY from the AS payload supplied via the selector 302 and outputs it to the selector 306 .
- the C-PHY packet generator 304 has a C-PHY packet header generator 331 , a C-PHY packet footer generator 332 , and a C-PHY lane distributor 333 .
- the C-PHY packet header generation unit 331 adds a C-PHY packet header to the AS payload generated by the AS payload generation unit 301, and the C-PHY packet footer generation unit 332 adds a C-PHY packet header to the AS payload. Add packet footer for PHY. Then, the C-PHY lane distribution unit 333 distributes the extension packet for C-PHY to three lanes according to the CSI-2 standard.
- the D-PHY packet generator 305 generates an extension packet for D-PHY from the AS payload supplied via the selector 302 and outputs it to the selector 306 .
- the D-PHY packet generator 305 has a D-PHY packet header generator 341 , a D-PHY packet footer generator 342 , and a D-PHY lane distributor 343 .
- the D-PHY packet header generation unit 341 adds a D-PHY packet header to the AS payload generated by the AS payload generation unit 301, and the D-PHY packet footer generation unit 342 adds a D-PHY packet header to the AS payload. Add packet footer for PHY. Then, the D-PHY lane distribution unit 343 distributes the D-PHY extension packet to four lanes according to the CSI-2 standard.
- Selector 306 selects A-PHY packet generation section 303, C-PHY packet generation section 304, and D-PHY packet generation section 303, C-PHY packet generation section 304, and D-PHY packet generation section 303, which are provided in parallel, as output sources of extension packets supplied to physical layer processing section 222 under the control of controller 60.
- One of the packet generators 305 is selected.
- the physical layer processing section 222 transmits the extension packet for A-PHY on one lane. Further, when an extension packet for C-PHY is supplied from the C-PHY packet generation section 304, the physical layer processing section 222 transmits the extension packet for C-PHY on three lanes. In addition, when the D-PHY packet generation unit 305 supplies the extension packet for the D-PHY, the physical layer processing unit 222 transmits the extension packet for the D-PHY using four lanes.
- the AS payload generator 301 is sent to the A-PHY packet generator 303, the C-PHY packet generator 304, and the D-PHY packet generator 305 via the selector 302.
- An extended mode compatible CSI-2 transmission circuit 221 is configured to be connected.
- the image sensor 211 can generate an AS payload common to the extension packet for A-PHY, the extension packet for C-PHY, and the extension packet for D-PHY in one AS payload generation unit 301. can be done. That is, the A-PHY packet generator 303, the C-PHY packet generator 304, and the D-PHY packet generator 305 can share the AS payload generator 301, thereby reducing the circuit scale. . Therefore, miniaturization of the image sensor 211 can be realized.
- FIG. 26 is a block diagram showing a detailed configuration example of the application processor 214. As shown in FIG. In addition, in the application processor 214 shown in FIG. 26, the same components as those of the application processor 22 shown in FIG.
- the application processor 214 is configured with a register 73 and a controller 74, similar to the application processor 22 of FIG. Note that the controller 74 may be realized by software. Also, the I2C/I3C master 253 and the CCI master 254 provided in the application processor 214 correspond to the I2C/I3C master 72 and the CCI master 88 in FIG. 10, respectively.
- the application processor 214 includes an extended mode compatible CSI-2 receiving circuit 251 and a physical layer processing unit 252.
- the physical layer processing unit 252 supports A-PHY, C-PHY, and D-PHY. there is
- the extended mode CSI-2 receiver circuit 251 includes a selector 401, an A-PHY packet receiver 402, a C-PHY packet receiver 403, a D-PHY packet receiver 404, a selector 405, and an AS payload. It is configured with a receiving unit 406 .
- Selector 401 selects one of A-PHY packet receiver 402, C-PHY packet receiver 403, and D-PHY packet receiver 404 provided in parallel as an output destination of the extension packet supplied from physical layer processor 252. choose one of
- the A-PHY packet receiving unit 402 receives the extension packet for A-PHY supplied via the selector 401 and outputs it to the selector 405 .
- the A-PHY packet receiver 402 has an A-PHY packet header interpreter 411 , an A-PHY packet footer verifier 412 , and an AAL processor 413 .
- the A-PHY packet header interpretation unit 411 interprets the contents described in the A-PHY packet header, performs processing necessary for receiving the extension packet for A-PHY,
- the packet footer verification unit 412 for A-PHY verifies the presence or absence of an error using the packet footer for A-PHY.
- the AAL processing unit 413 performs processing to combine the AdaptationLayers divided by the AAL generation unit 321 in FIG. 25 .
- the C-PHY packet receiving unit 403 receives the extension packet for C-PHY supplied via the selector 401 and outputs it to the selector 405 .
- the C-PHY packet receiving unit 403 has a C-PHY lane merging unit 421 , a C-PHY packet header interpreting unit 422 , and a C-PHY packet footer verifying unit 423 .
- the C-PHY lane merging unit 421 merges extension packets for C-PHY distributed to three lanes according to the CSI-2 standard and supplied via the physical layer processing unit 252 . Then, the C-PHY packet header interpretation unit 422 interprets the content described in the C-PHY packet header, performs processing necessary for receiving the extension packet for the C-PHY, The packet footer verification unit 423 for C-PHY verifies the presence or absence of an error using the packet footer for C-PHY.
- the D-PHY packet receiving unit 404 receives the extension packet for D-PHY supplied via the selector 401 and outputs it to the selector 405 .
- the D-PHY packet reception unit 404 has a D-PHY lane merge unit 431 , a D-PHY packet header interpretation unit 432 , and a D-PHY packet footer verification unit 433 .
- the D-PHY lane merging unit 431 merges D-PHY extension packets distributed to four lanes according to the CSI-2 standard and supplied via the physical layer processing unit 252 . Then, the D-PHY packet header interpretation unit 432 interprets the contents described in the D-PHY packet header, performs processing necessary for receiving the D-PHY extension packet, The packet footer verification unit 433 for D-PHY verifies the presence or absence of an error using the packet footer for D-PHY.
- Selector 405 selects one of A-PHY packet receiver 402, C-PHY packet receiver 403, and D-PHY packet receiver 404, which are provided in parallel, as an output source of the extension packet supplied to AS payload receiver 406. choose one of
- the AS payload receiving section 406 has an unpacking section 441, an extended packet header interpreting section 442, and an extended packet footer verifying section 443 corresponding to the AS payload generating section 301 in FIG.
- the unpacking unit 441 unpacks the image data packed by the packing unit 311 .
- the extended packet header interpreter 442 interprets the extended packet header generated by the extended packet header generator 312, and reads, for example, the packet count PC and the virtual channel VC.
- the extended packet footer verification unit 443 uses the extended packet footer added by the extended packet footer generation unit 313 to verify the presence or absence of an error. Then, the AS payload receiving unit 406 receives various data stored in the packet data supplied via the selector 405, such as image data, vehicle row number, SourceID, CRC error, etc. not shown).
- the AS payload receiver 406 is sent to the A-PHY packet receiver 402, the C-PHY packet receiver 403, and the D-PHY packet receiver 404 via the selector 405.
- the extension mode compatible CSI-2 receiving circuit 251 is configured to be connected.
- the application processor 214 receives the AS payload common to the extension packet for A-PHY, the extension packet for C-PHY, and the extension packet for D-PHY in one AS payload receiving section 406. can be done. That is, the AS payload receiver 406 can be shared by the A-PHY packet receiver 402, the C-PHY packet receiver 403, and the D-PHY packet receiver 404, thereby reducing the circuit scale. . Therefore, miniaturization of the application processor 214 can be achieved.
- a communication system 501 shown in FIG. 27 has a direct connection configuration in which an image sensor 511 and an application processor 512 are directly connected by A-PHY (without going through a SerDes device as described later with reference to FIG. 40). It's becoming
- the image sensor 511 comprises an A-PHY processing unit 521, a CSIA processing unit 522, a CSI2 processing unit 523, a CSI2-FS processing unit 524, a CCI processing unit 525, a CCI-FS processing unit 526, and a register 527. .
- the A-PHY processing unit 521 has a CCI processing unit 525 mounted as an upper layer, and is connected to the A-PHY processing unit 531 of the application processor 512 via MIPI A-PHY to process data including the extended packet header ePH and the extended packet footer ePF. send and receive
- the CCI-FS processing unit 526 compares the Destination ID included in the extended packet header ePH with the ID (Source ID) of the image sensor 511, and determines whether or not the image sensor 511 is accessed.
- the application processor 512 includes an A-PHY processing unit 531, a CSIA processing unit 532, a CSI2 processing unit 533, a CSI2-FS processing unit 534, a CCI processing unit 535, a CCI-FS processing unit 536, a register 537, and a CCI-FS switch 538. configured with
- the A-PHY processing unit 531 has a CCI processing unit 535 mounted as an upper layer, and is connected to the A-PHY processing unit 521 of the image sensor 511 via MIPI A-PHY to process data including the extended packet header ePH and the extended packet footer ePF. send and receive
- the CCI-FS processing unit 536 compares the Destination ID included in the extended packet header ePH with the ID (Source ID) possessed by the application processor 512, and determines whether or not the application processor 512 is accessed.
- the CCI-FS switch 538 transmits/receives data via the CCI-FS processing unit 536 when the CCI-FS processing unit 536 is enabled, and transmits/receives data via the CCI-FS processing unit 536 when the CCI-FS processing unit 536 is disabled. Switching is performed so that data is transmitted and received without going through the processing unit 536 .
- FIG. 28 shows an example of a read command packet configuration generated in the CCI-FS processing unit 536 of the application processor 512 during read access.
- Extended packet header ePH0 stores extended VC, extended DT, extended PFEN, and extended PHEN.
- the extended DT is information indicating the CCI protocol (I2C), and routing processing is performed using the extended DT.
- Source ID[7:1] and Packet Length are stored in the extended packet header ePH1.
- the Source ID is information indicating the source of the CCI protocol (I2C), and response processing is performed based on the Source ID.
- Packet Length is information indicating the data length.
- Security Descriptor and Message Counter are stored in the extended packet header ePH2.
- Security Descriptor indicates whether or not security is used, and indicates "8'h0" when security is not used.
- MessageCounter is information indicating the bucket order, and indicates a count value obtained by counting messages, and indicates "16'h5" when the message is the fifth.
- Destination ID[7:1], Read/Write, and DestinationAddress are stored in the extended packet header ePH3.
- Destination ID[7:1] indicates the slave address of the CCI processing unit 525 of the image sensor 511, which is "7'h0D" in the illustrated example.
- the Destination ID is information indicating the destination of the CCI protocol (I2C), and routing is performed based on the Destination ID, and the communication path is referenced.
- Read/Write indicates reading or writing of data, and indicates "1'b1" in the case of read.
- Destination Address indicates the address of the register 527 of the image sensor 511, which is the final destination, and is "0x0200" in the illustrated example.
- various data are stored in the AP (CCI) payload.
- the AP (CCI) payload may not be sent when security is off, and dummy data may be stored and sent when security is on.
- the extended packet footer ePF1 is not sent when security is off.
- the CRC calculation value is stored in the extended packet footer ePF0.
- such a packet-structured read command is generated in the CCI-FS processing unit 536 and supplied to the A-PHY processing unit 531 .
- FIG. 29 shows an example of the packet configuration of a read command output from the A-PHY processing unit 531 of the application processor 512 during read access.
- the A-PHY processing unit 531 adds an A-PHY header and an A-PHY footer to the read command supplied from the CCI-FS processing unit 536 as the protection range of E2E protection.
- a read command with such a packet structure is A-PHY transferred by the APHY processing unit 531 of the application processor 512 . Then, in the image sensor 511, the A-PHY processing unit 521 removes the A-PHY header and A-PHY footer from the read command. After that, the read command is supplied to the CCI-FS processing section 526 via the CCI processing section 525 of the slave address "7'h0D" indicated by the Destination ID.
- FIG. 30 shows an example of the read command supplied to the CCI-FS processing unit 526 and the packet structure of the read data generated in the CCI-FS processing unit 526 during read access.
- the AP (CCI) payload stores the read data value read from the address "0x0200" of the register 527 indicated by the source address information (Destination Address) of the extended packet header ePH of the read command.
- such packet-structured read data is generated in the CCI-FS processing unit 526 and supplied to the A-PHY processing unit 521 .
- FIG. 31 shows an example of the packet configuration of read data output from the A-PHY processing unit 521 of the image sensor 511 during read access.
- the A-PHY processing unit 521 adds an A-PHY header and an A-PHY footer to the read data supplied from the CCI-FS processing unit 526 as the protected range of E2E protection.
- the read data with such a packet structure is A-PHY transferred by the A-PHY processing unit 521 of the image sensor 511 . Then, in the application processor 512 , the A-PHY processing unit 531 removes the A-PHY header and A-PHY footer from the read data, and the read data is supplied to the CCI-FS processing unit 536 .
- FIG. 32 shows an example of the packet structure of read data supplied to the CCI-FS processing unit 536 during read access.
- the read data with the packet structure shown in FIG. 30 as it is, that is, the read data within the protection range of E2E Protection in A-PHY transfer is supplied to the CCI-FS processing unit 536.
- FIG. 33 shows an example of the packet configuration of write data generated in the CCI-FS processing unit 536 of the application processor 512 during write access.
- Extended packet header ePH0 stores extended VC, extended DT, extended PFEN, and extended PHEN.
- Source ID[7:1] and Packet Length are stored in the extended packet header ePH1.
- Security Descriptor and Message Counter are stored in the extended packet header ePH2.
- Security Descriptor indicates whether or not security is used, and indicates "8'h0" when security is not used.
- MessageCounter indicates a count value obtained by counting messages, and indicates "16'h4" when the message is the fourth.
- Destination ID[7:1], Read/Write, and DestinationAddress are stored in the extended packet header ePH3.
- Destination ID[7:1] indicates the slave address of the CCI processing unit 525 of the image sensor 511, which is "7'h0D" in the illustrated example.
- Read/Write indicates reading or writing of data, and indicates "1'b0" in the case of writing.
- Destination Address indicates the address of the register 527 of the image sensor 511, which is the final destination, and is "0x1234" in the illustrated example.
- the data (Data0[7:0]) to be written to the image sensor 511 is stored in the AP (CCI) payload, and the 0xFF value is the write data.
- the extended packet footer ePF1 is not sent when security is off.
- the CRC calculation value is stored in the extended packet footer ePF0.
- such packet-structured write data is generated in the CCI-FS processing unit 536 and supplied to the A-PHY processing unit 531 .
- FIG. 34 shows an example of the packet configuration of write data output from the A-PHY processing unit 531 of the application processor 512 during write access.
- the A-PHY processing unit 531 adds an A-PHY header and an A-PHY footer to the write data supplied from the CCI-FS processing unit 536 as the protection range of E2E protection.
- Write data with such a packet structure is A-PHY transferred by the A-PHY processing unit 531 of the application processor 512 . Then, in the image sensor 511, the A-PHY processing unit 521 removes the A-PHY header and A-PHY footer from the write data. After that, the write data is supplied to the CCI-FS processing section 526 via the CCI processing section 525 of the slave address "7'h0D" indicated by the Destination ID.
- FIG. 35 shows an example of the packet structure of write data supplied to the CCI-FS processing unit 526 during write access.
- the write data with the packet structure shown in FIG. 33 as it is, that is, the write data set as the protection range of E2E Protection in A-PHY transfer, is supplied to the CCI-FS processing unit 526. Then, the CCI-FS processing unit 526 selects the AP (CCI) payload from the address "0x1234" of the register 527 indicated by the CCI command ID information, that is, the source address information (Destination Address) of the extended packet header ePH of the read command. Write stored data.
- CCI AP
- the extended packet header ePH uses fields such as extended VC, extended DT, and Message Counter.
- the length of the extended packet header ePH can be changed with the field value (epFEN field) of the extended packet header ePH.
- Length Packet Length(PL) x Data Byte Width.
- the length of the extended packet footer ePF1 can be changed with the field setting value (epFEN field) of the extended packet header ePH. Also, security-related information can be added.
- the extended packet footer ePF0 can add a CRC-32 calculated from the packet data with the field setting value of the extended packet header ePH.
- initial setting and confirmation operations are performed in steps S211 to S222.
- step S211 read access is made twice to the Capability register of the CCI-FS processing unit 526 from the application processor 512 to the image sensor 511.
- the number of read accesses is not limited to two, and can be set arbitrarily for functional safety, and may be one or more than three times.
- step S212 in the application processor 512, the CSI2-FS processing unit 524 checks whether or not the Capability register value of the CCI-FS processing unit 526 is 1'b1 both times for the result of the read access in step S211. judge. If it is determined in step S212 that the Capability register value of the CCI-FS processing unit 526 is not 1'b1 both times, the process proceeds to step S213.
- step S213 in the application processor 512, the CSI2-FS processing unit 524 determines whether or not the number of retransmissions is three or more. Note that the number of retransmissions is not limited to three, and can be set to any number, and the same applies to the number of retransmissions described below. If it is determined in step S213 that the number of retransmissions is not three or more (one or two), the process returns to step S211, and the same process is repeated thereafter.
- step S212 determines whether the Capability register value of the CCI-FS processing unit 526 is 1'b1 both times. If it is determined in step S212 that the Capability register value of the CCI-FS processing unit 526 is 1'b1 both times, the process proceeds to step S214.
- step S214 one write access to the Enable register of the CCI-FS processing unit 526 is performed from the application processor 512 to the image sensor 511.
- step S215 in the image sensor 511, the CCI-FS processing unit 526 performs one write access to the Enable register of the CCI-FS processing unit 536 of the application processor 512.
- step S216 the slave address of the opposing image sensor 511 is set in the Destination SID register of the CCI-FS processing unit 536 of the application processor 512.
- step S217 the ePH register of the CCI-FS processing unit 536 of the application processor 512 is set.
- step S218 the ePH register of the CCI-FS processing unit 526 is set from the application processor 512 to the image sensor 511.
- step S219 read access to the Enable register and Error register of the CCI-FS processing unit 526 is made from the application processor 512 to the image sensor 511.
- step S220 in the application processor 512, the CCI-FS processing unit 536 confirms that the Enable register value of the CCI-FS processing unit 526 is 1'b1 and the Error register value is It is determined whether or not it is 0.
- step S220 If it is determined in step S220 that the Enable register value of the CCI-FS processing unit 526 is not 1'b1 or the Error register value is not 0, the process proceeds to step S221.
- step S221 in the application processor 512, the CSI2-FS processing unit 524 determines whether or not the number of retransmissions is three or more. If it is determined in step S221 that the number of retransmissions is three or more, the process returns to step S211, and the same process is repeated thereafter.
- step S213 determines whether the number of retransmissions is 3 or more, or if it is determined in step S221 that the number of retransmissions is not 3 or more (one or two times). If it is determined in step S213 that the number of retransmissions is 3 or more, or if it is determined in step S221 that the number of retransmissions is not 3 or more (one or two times), the process proceeds to step S222. proceed to
- step S222 CCI communication is performed without using CCI-FS, after which the communication process is terminated.
- step S220 determines whether the Enable register value of the CCI-FS processing unit 526 is 1'b1 and the Error register value is 0, the process proceeds to step S223.
- steps S223 to S234 a write operation using CCI-FS is performed.
- step S223 the CCI-FS processing unit 536 of the application processor 512 sets the ePH register so that the write operation is performed.
- step S224 the CCI-FS processing unit 536 of the application processor 512 sets the write data register.
- step S225 the CCI-FS processing unit 536 of the application processor 512 sets the command execution register to 1.
- step S226, in the application processor 512, the A-PHY processing unit 531 treats the write data generated by the CCI-FS processing unit 536 as the protection range of E2E Protection as shown in FIG. Add header and A-PHY footer and perform A-PHY transfer.
- step S227 in the image sensor 511, the A-PHY processing unit 521 removes the A-PHY header and A-PHY footer from the write data, and supplies the protection range of E2E protection to the CCIFS processing unit 526.
- step S229 in the image sensor 511, the CCI-FS processing unit 526 determines whether the Source ID of the image sensor 511 confirmed in step S228 matches the Destination SID of the extension packet header ePH.
- step S229 If it is determined in step S229 that the Source ID of the image sensor 511 matches the Destination SID of the extended packet header ePH, the process proceeds to step S230.
- step S230 in the image sensor 511, the CCI-FS processing unit 526 confirms the Message Counter from the content of the extended packet header ePH.
- step S231 in the image sensor 511, the CCI-FS processing unit 526 determines whether or not the Message Counter (reception) of the image sensor 511 confirmed in step S230 matches the Message Counter of the extension packet header ePH. .
- step S231 If it is determined in step S231 that the Message Counter (reception) of the image sensor 511 matches the Message Counter of the extended packet header ePH, the process proceeds to step S232.
- step S232 in the image sensor 511, the CCI-FS processing unit 526 confirms the CRC from the contents of the extended packet footer ePF.
- step S233 in the image sensor 511, the received value (ePF0) of the extension packet footer ePF confirmed in step S232 by the CCI-FS processing unit 526 matches the CRC calculation result calculated in the CCI-FS processing unit 526. Determine whether or not
- step S233 If it is determined in step S233 that the received value (ePF0) of the extension packet footer ePF matches the CRC calculation result, the process proceeds to step S234.
- step S234 in the image sensor 511, the CCI-FS processing unit 526 performs write processing to write write data to the address of the register 527 from the contents of the extended packet header ePH and the extended packet footer ePF. After that, the process proceeds to step S235.
- steps S235 to S247 a read operation using CCI-FS is performed.
- step S235 in the application processor 512, the CCI-FS processing unit 536 sets the ePH register so that a read operation is performed.
- step S236 in the application processor 512, the CCI-FS processing unit 536 sets the command execution register to 1.
- step S237 in the application processor 512, the A-PHY processing unit 531 converts the write data generated by the CCI-FS processing unit 536 into the protection range of E2E Protection as shown in FIG. Add header and A-PHY footer and perform A-PHY transfer.
- step S238 in the image sensor 511, the A-PHY processing unit 521 removes the A-PHY header and A-PHY footer from the write data and supplies the protection range of E2E protection to the CCI-FS processing unit 526.
- step S239 in the image sensor 511, the CCI-FS processing unit 526 confirms the Source ID of the image sensor 511 and the Destination SID of the extension packet header ePH from the content of the extension packet header ePH.
- step S240 in the image sensor 511, the CCI-FS processing unit 526 determines whether the Source ID of the image sensor 511 confirmed in step S239 matches the Destination SID of the extension packet header ePH.
- step S240 If it is determined in step S240 that the Source ID of the image sensor 511 matches the Destination SID of the extended packet header ePH, the process proceeds to step S241.
- step S241 in the image sensor 511, the CCI-FS processing unit 526 confirms the Message Counter from the content of the extended packet header ePH.
- step S242 in the image sensor 511, the CCI-FS processing unit 526 determines whether or not the Message Counter (reception) of the image sensor 511 confirmed in step S241 matches the Message Counter of the extension packet header ePH. .
- step S242 If it is determined in step S242 that the Message Counter (reception) of the image sensor 511 matches the Message Counter of the extended packet header ePH, the process proceeds to step S243.
- step S243 in the image sensor 511, the CCI-FS processing unit 526 confirms the CRC from the content of the extended packet footer ePF.
- step S244 in the image sensor 511, the received value (ePF0) of the extension packet footer ePF confirmed by the CCI-FS processing unit 526 in step S243 matches the CRC calculation result calculated in the CCI-FS processing unit 526. Determine whether or not
- step S244 If it is determined in step S244 that the received value (ePF0) of the extension packet footer ePF matches the CRC calculation result, the process is terminated.
- step S229 of FIG. 38 or step S240 of FIG. 39 the process proceeds to step S245.
- step S245 the Error register (Routing) on the image sensor 511 side is set to 1, after which the process ends.
- step S231 of FIG. 38 or step S242 of FIG. 39 determines whether the Message Counter (reception) of the image sensor 511 matches the Message Counter of the extension packet header ePH.
- step S246 the Error register (MC) on the image sensor 511 side is set to 1, after which the process ends.
- step S233 of FIG. 38 or step S244 of FIG. 39 determines whether the received value (ePF0) of the extension packet footer ePF and the CRC calculation result do not match.
- step S247 the Error register (CRC) on the image sensor 511 side is set to 1, and then the process is terminated.
- CRC Error register
- a communication system 601 shown in FIG. 40 has a SerDes connection configuration in which an image sensor 611 and an application processor 614 are connected via a SerDes device 612 on the slave side and a SerDes device 613 on the master side.
- the image sensor 611 comprises an I2C/I3C slave 621, a CCI processing section 622, a CSI2-FS processing section 623, and a register 624.
- the slave-side SerDes device 612 includes an A-PHY processing unit 631, a CSIA processing unit 632, a CSI2-FS processing unit 633, an I2C/I3C master 634, a CCI processing unit 635, a CCI-FS processing unit 636, and a register 637. consists of
- the master-side SerDes device 613 includes an A-PHY processing unit 641, a CSIA processing unit 642, a CSI2-FS processing unit 643, an I2C/I3C slave 644, a CCI processing unit 645, a CCI-FS processing unit 646, and a register 647. consists of
- the application processor 614 comprises an I2C/I3C master 651, a CCI processing unit 652, a CCIFS processing unit 653, a register 654, and a CCI-FS switch 655.
- FIG. 41 shows an example of the packet configuration of a read command generated by the CCI-FS processing unit 653 of the application processor 614 during read access.
- such a packet-structured read command is generated in the CCI-FS processing unit 653 and supplied to the I2C/I3C master 651 .
- FIG. 42 shows an example of the packet configuration of a read command output from the I2C/I3C master 651 of the application processor 614 during read access.
- the I2C/I3C master 651 sends a connection destination sensor address, that is, in the configuration shown in FIG. Address+W 8-bit).
- the register addresses (RegisterAddress[15:8] and RegisterAddress[7:0]) of register 647 of SerDes device 613 on the master side are sent.
- a read command with such a packet structure is transferred from the I2C/I3C master 651 of the application processor 614 by I2C/I3C.
- FIG. 43 shows an example of the packet configuration of a read command output from the A-PHY processing section 641 of the SerDes device 613 on the master side during read access.
- the A-PHY processing unit 641 adds an A-PHY header and an A-PHY footer to the read command acquired by the I2C/I3C slave 644 as the protection range of E2E Protection.
- a read command with such a packet structure is A-PHY transferred by the A-PHY processing unit 641 of the SerDes device 613 on the master side.
- the A-PHY processing unit 631 removes the A-PHY header and A-PHY footer from the read command.
- the read command is supplied to the CCI processing unit 635 of the slave address "7'h0E" indicated by the Destination ID via the CSIA processing unit 632, CSI2-FS processing unit 633, and CCI-FS processing unit 636, the I2C /I3C master 634.
- FIG. 44 shows an example of the packet configuration of the read command output from the I2C/I3C master 634 during read access.
- the I2C/I3C master 634 sends the sensor address of the connection destination, that is, the address of the CCI processing unit 622 of the image sensor 611 in the configuration shown in FIG. 8-bit).
- the register addresses of registers 624 of image sensor 611 (Register Address [15:8] and Register Address [7:0]) are sent.
- FIG. 45 shows an example of the read command supplied to the CSI2-FS processing unit 623 and the packet structure of the read data generated in the CSI2-FS processing unit 623 during read access.
- the read command with the packet structure shown in FIG. 41 as it is, that is, the read command with the protection range of E2E Protection in the APHY transfer is supplied to the CSI2-FS processing unit 623.
- the AP (CCI) payload stores the read data value read from the address "0x0200" of the register 624 indicated by the source address information (Destination Address) of the extended packet header ePH of the read command.
- such packet-structured read data is generated in the CCI-FS processing unit 623 and supplied to the I2C/I3C slave 621 via the CCI processing unit 622 .
- FIG. 46 shows an example of the packet configuration of read data output from the I2C/I3C slave 621 of the image sensor 611 during read access.
- the I2C/I3C slave 621 sends the sensor address of the connection destination, that is, the address of the I2C/I3C master 634 of the SerDes device 612 on the slave side in the configuration shown in FIG. Send Slave Address+W 8-bit).
- the read data storage address (the address of the register 624 of the image sensor 611) is sent, and the address (Slave Address+R 8-bit) of the I2C/I3C master 634 of the SerDes device 612 on the slave side is sent. be done.
- the stop condition P is transmitted.
- a read command with such a packet structure is transferred from the I2C/I3C slave 621 of the image sensor 611 by I2C/I3C.
- FIG. 47 shows an example of the packet configuration of read data output from the A-PHY processing section 631 of the SerDes device 612 on the slave side during read access.
- the A-PHY processing unit 631 adds an A-PHY header and an A-PHY footer to the read data acquired by the I2C/I3C master 634 as the protected range of E2E protection.
- the read data with such a packet structure is A-PHY transferred by the A-PHY processing unit 631 of the SerDes device 612 on the slave side. Then, in the SerDes device 613 on the master side, the A-PHY processing unit 641 removes the A-PHY header and A-PHY footer from the read data. Read data is supplied to the I2C/I3C slave 644 via the CSIA processing unit 642 , CSI2-FS processing unit 643 , CCI-FS processing unit 646 and CCI processing unit 635 .
- FIG. 48 shows an example of the packet configuration of read data output from the I2C/I3C slave 644 of the SerDes device 613 on the master side during read access.
- the I2C/I3C slave 644 sends the connection destination sensor address, that is, in the configuration shown in FIG. Send Slave Address+W 8-bit).
- the register address (Register Address [15:8] and Register Address [7:0]) of the register 647 of the SerDes device 613 on the master side is transmitted, and the address of the CCI processing unit 635 (Slave Address+R 8-bit) is transmitted.
- FIG. 49 shows an example of the packet structure of read data supplied to the CCI-FS processing unit 653 during read access.
- initial setting and confirmation operations are performed in steps S301 to S317.
- step S301 the slave address of the opposing image sensor 611 is set in the Destination SID register of the CCI-FS processing unit 653 of the application processor 614.
- step S302 the ePH register of the CCI-FS processing unit 653 of the application processor 614 is set.
- step S303 the Destination SID of the Bridge configuration of the CCI-FS processing unit 653 of the application processor 614 is set, and the SerDes device 613 on the master side is registered.
- the Address, attribution, and Timeout_no1 registers are also set in the same manner, and the same setting is performed thereafter.
- step S304 the ePH register of the CCI-FS processing unit 643 is set from the application processor 614 to the SerDes device 613 on the master side.
- step S305 the Destination SID of the bridge configuration of the CCI-FS processing unit 643 is set from the application processor 614 to the master-side SerDes device 613, and the slave-side SerDes device 612 is registered.
- step S306 read access to the Error register of the CCI-FS processing unit 643 is made from the application processor 614 to the SerDes device 613 on the master side.
- step S307 in the application processor 614, the CCI-FS processing unit 653 determines whether the register value of the Error register of the CCIFS processing unit 643 of the master-side SerDes device 613 is 0 as a result of the read access in step S306. judge.
- step S307 If it is determined in step S307 that the register value of the Error register of the CCI-FS processing unit 643 of the SerDes device 613 on the master side is not 0 (other than 0), the process proceeds to step S308.
- step S308 in the application processor 614, the CCI-FS processing unit 653 determines whether or not the number of retransmissions is 3 or more. , the process returns to step S304, and the same process is repeated thereafter.
- step S307 if it is determined in step S307 that the register value of the Error register of the CCI-FS processing unit 643 of the master-side SerDes device 613 is 0, the process proceeds to step S309.
- step S309 the ePH register of the CCI-FS processing unit 636 is set from the application processor 614 to the SerDes device 612 on the slave side.
- step S310 the Destination SID of the bridge configuration of the CCI-FS processing unit 636 is set from the application processor 614 to the slave-side SerDes device 612, and the slave-side SerDes device 612 is registered.
- step S311 read access to the Error register of the CCI-FS processing unit 636 is made from the application processor 614 to the SerDes device 612 on the slave side.
- step S312 in the application processor 614, the CCI-FS processing unit 653 determines whether the register value of the Error register of the CCI-FS processing unit 636 of the slave-side SerDes device 612 is 0 as a result of the read access in step S311. determine whether
- step S312 If it is determined in step S312 that the register value of the Error register of the CCI-FS processing unit 636 of the slave-side SerDes device 612 is not 0 (other than 0), the process proceeds to step S313.
- step S313 in the application processor 614, the CCI-FS processing unit 653 determines whether or not the number of retransmissions is 3 or more. , the process returns to step S309, and the same process is repeated thereafter.
- step S312 determines whether the register value of the Error register of the CCI-FS processing unit 636 of the slave-side SerDes device 612 is 0, the process proceeds to step S314.
- step S314 the ePH register of the CCI-FS processing unit 623 is set from the application processor 614 to the image sensor 611.
- step S315 read access to the Error register of the CCI-FS processing unit 623 is made from the application processor 614 to the image sensor 611.
- step S316 in the application processor 614, the CCI-FS processing unit 653 determines whether or not the register value of the Error register of the CCI-FS processing unit 623 of the image sensor 611 is 0 as a result of the read access in step S315. do.
- step S316 If it is determined in step S316 that the register value of the Error register of the CCI-FS processing unit 623 of the image sensor 611 is not 0 (other than 0), the process proceeds to step S317.
- step S317 in the application processor 614, the CCI-FS processing unit 653 determines whether or not the number of retransmissions is 3 or more. , the process returns to step S314, and the same process is repeated thereafter.
- step S308 if it is determined in step S308, step S313, or step S317 that the number of retransmissions is three or more, the process returns to step S301, and the same process is repeated thereafter.
- step S316 determines whether the register value of the Error register of the CCI-FS processing unit 623 of the image sensor 611 is 0, the process proceeds to step S318.
- steps S318 to S327 a write operation using CCI-FS is performed.
- step S318 the CCI-FS processing unit 653 of the application processor 614 sets the ePH register so that the write operation is performed.
- step S319 the CCI-FS processing unit 653 of the application processor 614 sets the write data register.
- step S320 the CCI-FS processing unit 653 of the application processor 614 sets the command execution register to 1 and issues a write command.
- step S321 the application processor 614 performs Sequence A_Write (during AP) processing, which will be described later with reference to FIG.
- step S322 the master-side SerDes device 613 performs Sequence B (for SerDes (Master)) processing, which will be described later with reference to FIG.
- FIG. 56 illustrates the Sequence B (SerDes (Slave)) processing executed by the SerDes device 612 on the slave side, similar processing is also executed by corresponding blocks in the SerDes device 613 on the master side. can do.
- step S323 the A-PHY processing unit 641 extracts the A-PHY header and A -Add PHY footer and perform A-PHY transfer.
- step S324 the SerDes device 612 on the slave side performs Sequence B (for SerDes (Slave)) processing, which will be described later with reference to FIG.
- step S325 the SerDes device 612 on the slave side performs Sequence A_Write (at the time of SerDes (Slave)) processing, which will be described later with reference to FIG.
- FIG. 53 describes the Sequence A_Write (during AP) processing executed by the application processor 614, similar processing can be executed by corresponding blocks in the SerDes device 612 on the slave side as well.
- step S326 the image sensor 611 performs Sequence B (for Image Sensor) processing, which will be described later with reference to FIG.
- FIG. 56 illustrates the Sequence B (SerDes (Slave)) processing executed by the SerDes device 612 on the slave side
- the image sensor 611 can also execute similar processing by corresponding blocks. can.
- step S327 in the image sensor 611, the CCI-FS processing unit 623 performs write processing to write write data to the address of the register 624 based on the contents of the extended packet header ePH and the extended packet footer ePF. After that, the process proceeds to step S328.
- steps S328 to S344 a read operation using CCI-FS is performed.
- step S328 the CCI-FS processing unit 653 of the application processor 614 sets the ePH register to perform read operation.
- step S329 the CCI-FS processing unit 653 of the application processor 614 sets the read data register.
- step S330 the CCI-FS processing unit 653 of the application processor 614 sets the command execution register to 1 and issues a read command.
- step S331 the application processor 614 performs Sequence A_Read_CMD (during AP) processing, which will be described later with reference to FIG.
- Sequence A_Read_CMD (during AP) process
- two branched processes are performed in parallel, the process proceeds to step S332 according to branch A, and the process proceeds to step S339 according to branch B.
- step S332 the master-side SerDes device 613 performs Sequence B (for SerDes (Master)) processing, which will be described later with reference to FIG.
- FIG. 56 illustrates the Sequence B (SerDes (Slave)) processing executed by the SerDes device 612 on the slave side, similar processing is also executed by corresponding blocks in the SerDes device 613 on the master side. can do.
- step S333 the A-PHY processing unit 641 extracts the A-PHY header and A -Add PHY footer and perform A-PHY transfer.
- step S334 the SerDes device 612 on the slave side performs Sequence B (for SerDes (Slave)) processing, which will be described later with reference to FIG.
- step S355 the SerDes device 612 on the slave side performs Sequence A_Read_CMD (for SerDes (Slave)) processing, which will be described later with reference to FIG.
- FIG. 54 describes the Sequence A_Read_CMD (during AP) processing executed in the application processor 614, similar processing can also be executed by corresponding blocks in the slave-side SerDes device 612.
- the Sequence A_Read_CMD (SerDes (Slave)) process of the two branched processes, the process does not proceed to branch A, and the process proceeds to step S336 according to branch B.
- step S336 the SerDes device 612 on the slave side performs Sequence A_Read_Data (for SerDes (Slave)) processing, which will be described later with reference to FIG.
- FIG. 57 describes the Sequence A_Read_Data (during AP) processing executed in the application processor 614, the same processing can be executed by corresponding blocks in the SerDes device 612 on the slave side.
- step S337 the A-PHY processing unit 631 extracts the A-PHY header and A -Add PHY footer and perform A-PHY transfer.
- step S3308 the master-side SerDes device 613 performs Sequence B (for SerDes (Master)) processing, which will be described later with reference to FIG.
- FIG. 56 illustrates the Sequence B (SerDes (Slave)) processing executed in the SerDes device 612 on the slave side, the same processing is performed by corresponding blocks in the SerDes device 613 on the master side. can be executed.
- step S339 the application processor 614 performs Sequence A_Read_Data (during AP) processing, which will be described later with reference to FIG.
- step S340 the application processor 614 performs Sequence B (during AP) processing, which will be described later with reference to FIG.
- FIG. 56 illustrates the Sequence B (SerDes (Slave)) processing executed in the SerDes device 612 on the slave side, but the application processor 614 can also execute similar processing by corresponding blocks. can be done.
- step S341 in the application processor 614, the CCI-FS processing unit 653 stores read data in the address of the register 654 from the contents of the extended packet header ePH and the extended packet footer ePF.
- step S342 the image sensor 611, the slave-side SerDes device 612, the master-side SerDes device 613, and the application processor 614 perform error register confirmation for the above-described read processing.
- step S343 the image sensor 611 and each device (slave-side SerDes device 612, master-side SerDes device 613, and application processor 614) determine whether the register value of the Error register of each CCI-FS processing unit is 0. determine whether or not
- step S343 If it is determined in step S343 that the register values of all CCI-FS processing units are not 0 (one of them has a register value other than 0), the process proceeds to step S344.
- step S344 the error-related register values of the CCI-FS processing unit whose register value is not 0 are checked, the Error register is cleared by writing 1, and retransmission processing is performed.
- step S343 if it is determined in step S343 that the register values of all CCI-FS processing units are 0, or after step S344 is completed, the process ends.
- FIG. 53 is a flowchart for explaining the Sequence A_Write (during AP) processing performed in step S321 of FIG.
- the processing performed by the application processor 614 will be described as an example, but the Sequence A_Write (SerDes (Slave)) processing in step S325 of FIG. 51 is performed in the same manner.
- step S351 in the application processor 614, the I2C/I3C master 651 issues a start command and a slave address (Slave Address+W8-bit shown in FIG. 42).
- step S352 the application processor 614 determines whether the I2C/I3C master 651 has received an ACK response from the I2C/I3C slave 644 of the SerDes device 613 on the master side. If it is determined in step S352 that an ACK response has been received from the I2C/I3C slave 644 of the SerDes device 613 on the master side, the process proceeds to step S353.
- step S353 in the application processor 614, the I2C/I3C master 651 issues a register address (Register Address [15:8] shown in FIG. 42).
- Register Address [15:8] shown in FIG. 42.
- the payload below this register address is transmitted as shown in FIG.
- step S354 the application processor 614 determines whether the I2C/I3C master 651 has received an ACK response from the I2C/I3C slave 644 of the SerDes device 613 on the master side. If it is determined in step S354 that an ACK response has been received from the I2C/I3C slave 644 of the SerDes device 613 on the master side, the process proceeds to step S355.
- step S355 in the application processor 614, the I2C/I3C master 651 determines whether the final data transfer has been completed. If it is determined in step S355 that the transfer of the final data has not been completed, the process returns to step S353, and the same process is repeated thereafter.
- step S355 if it is determined in step S355 that the transfer of the final data has been completed, the process proceeds to step S356.
- step S356 in the application processor 614, the I2C/I3C master 651 issues a stop command. As a result, the Sequence A_Write (during AP) processing ends, and the processing returns to step S322 in FIG.
- step S352 or S354 determines whether an ACK response has been received from the I2C/I3C slave 644 of the SerDes device 613 on the master side. If it is determined in step S352 or S354 that an ACK response has not been received from the I2C/I3C slave 644 of the SerDes device 613 on the master side, the process proceeds to step S357.
- step S357 in the application processor 614, the I2C/I3C master 651 issues a stop command. In this case, the Sequence A_Write (for AP) processing ends, and the communication processing itself ends.
- FIG. 54 is a flowchart for explaining the Sequence A_Read_CMD (during AP) processing performed in step S331 of FIG.
- the processing performed by the application processor 614 will be described as an example, but the Sequence A_Read_CMD (at SerDes (Slave)) processing in step S335 of FIG. 52 is performed in the same manner.
- step S361 in the application processor 614, the I2C/I3C master 651 issues a start command and slave address (Slave Address+W8-bit shown in FIG. 42) to start the timer.
- start command and slave address Slave Address+W8-bit shown in FIG. 42
- step S362 the application processor 614 determines whether the I2C/I3C master 651 has received an ACK response from the I2C/I3C slave 644 of the SerDes device 613 on the master side. If it is determined in step S362 that an ACK response has been received from the I2C/I3C slave 644 of the SerDes device 613 on the master side, the process proceeds to step S363.
- step S363 in the application processor 614, the I2C/I3C master 651 issues a register address (Register Address [15:8] shown in FIG. 42).
- Register Address [15:8] shown in FIG. 42.
- step S364 the application processor 614 determines whether the I2C/I3C master 651 has received an ACK response from the I2C/I3C slave 644 of the SerDes device 613 on the master side.
- step S364 If it is determined in step S364 that an ACK response has been received from the I2C/I3C slave 644 of the SerDes device 613 on the master side, the process proceeds to step S365.
- step S365 in the application processor 614, the I2C/I3C master 651 determines whether the final data transfer has been completed.
- step S365 If it is determined in step S365 that the transfer of the final data has been completed, the process proceeds to step S366.
- step S366 in the application processor 614, the I2C/I3C master 651 issues a stop command. Thereafter, the process branches into two, following branch A, the process proceeds to step S332 in FIG. On the other hand, according to branch B, after Sequence C (in AP) processing (see FIG. 55 described later) is performed in step S367, the processing proceeds to step S339 in FIG.
- step S365 determines whether the transfer of the final data has been completed. If it is determined in step S365 that the transfer of the final data has not been completed, the process proceeds to step S368.
- step S368 in the application processor 614, the I2C/I3C master 651 determines whether the timer started in step S361 has timed out. If it is determined in step S368 that the timer has not timed out, the process returns to step S363, and the same process is repeated thereafter.
- step S368 determines whether the timer has timed out. If it is determined in step S368 that the timer has timed out, the process proceeds to step S369.
- step S369 the application processor 614 sets the Error register (Timeout) to 1, and stores the data of the extended packet header ePH and the extended packet footer ePF in the Error-related registers.
- step S369 After the process of step S369, or if it is determined in step S362 or S364 that an ACK response has not been received from the I2C/I3C slave 644 of the SerDes device 613 on the master side, the process proceeds to step S370.
- step S370 in the application processor 614, the I2C/I3C master 651 issues a stop command.
- the Sequence A_Read_CMD (during AP) process ends, and the communication process itself ends.
- FIG. 55 is a flowchart explaining the Sequence C (during AP) processing performed in step S367 of FIG.
- the processing performed by the application processor 614 will be described as an example, but the same processing can also be performed in the SerDes device 612 on the slave side.
- step S381 in the application processor 614, the I2C/I3C master 651 determines whether or not the timer started in step S361 of FIG. If it is determined in step S381 that the timeout has occurred, the process proceeds to step S382, and in the application processor 614, the I2C/I3C master 651 performs a polling operation.
- step S383 in the application processor 614, the I2C/I3C master 651 determines whether or not the Status register value of the read command is 1.
- step S383 If it is determined in step S383 that the Status register value of the read command is 1, the process proceeds to step S384. In step S384, the application processor 614 performs read access, and then the process returns to step S339 in FIG.
- step S383 determines whether the Status register value of the read command is 1 (other than 1), the process proceeds to step S385.
- step S385 the application processor 614 sets the Error register (Timeout) to 1, and stores the data of the extended packet header ePH and the extended packet footer ePF in the Error-related registers.
- step S386 in the application processor 614, the I2C/I3C master 651 issues a stop command. In this case, the communication process itself is terminated as well as the Sequence C (during AP) process.
- FIG. 56 is a flowchart for explaining the Sequence B (SerDes (Slave)) processing performed in steps S324 and S334 of FIG.
- Sequence B SerDes (Slave)
- FIG. 56 the processing performed by the SerDes device 612 on the slave side will be described as an example.
- Processing and Sequence B (at SerDes (Master)) processing in step S332 of FIG. 52 are performed in the same manner.
- step S391 in the slave-side SerDes device 612, the CCI-FS processing unit 636 confirms the Source ID of the slave-side SerDes device 612 and the DestinationSID of the extended packet header ePH.
- step S392 in the slave-side SerDes device 612, the CCI-FS processing unit 636 determines whether the Source ID of the slave-side SerDes device 612 and the DestinationSID of the extended packet header ePH do not match.
- step S392 If it is determined in step S392 that the Source ID of the SerDes device 612 on the slave side and the Destination SID of the extended packet header ePH do not match, the process proceeds to step S393.
- step S393 in the slave-side SerDes device 612, the CCI-FS processing unit 636 confirms the Destination SID of the slave-side SerDes device 612 and the Destination SID of the extended packet header ePH.
- step S394 in the slave-side SerDes device 612, the CCI-FS processing unit 636 determines whether the Source ID of the slave-side SerDes device 612 matches the DestinationSID of the extended packet header ePH.
- step S394 If it is determined in step S394 that the Source ID of the SerDes device 612 on the slave side matches the Destination SID of the extended packet header ePH, the process proceeds to step S395.
- step S395 in the SerDes device 612 on the slave side, the CCI-FS processing unit 636 confirms the Message Counter from the contents of the extended packet header ePH.
- step S396 in the SerDes device 612 on the slave side, the CCI-FS processing unit 636 matches the Message Counter in the SerDes device 612 on the slave side with the received value of the Message Counter confirmed from the content of the extended packet header ePH. Determine whether or not
- step S396 If it is determined in step S396 that the Message Counter in the SerDes device 612 on the slave side matches the received value of the Message Counter confirmed from the contents of the extended packet header ePH, the process proceeds to step S397.
- step S397 in the slave-side SerDes device 612, the CCI-FS processing unit 636 converts the CRC calculation result calculated from the extension packet header ePH in the slave-side SerDes device 612 and the reception value (ePF0) of the extension packet footer ePF and
- step S398 it is determined whether or not the received value (ePF0) of the extension packet footer ePF and the CRC calculation result match, and if it is determined that they match, the process returns to step S325 in FIG.
- step S392 if it is determined in step S392 that the Source ID of the SerDes device 612 on the slave side and the Destination SID of the extended packet header ePH do not match (match), the process proceeds to step S399.
- steps S399 to S402 the same processing as in steps S395 to S398 is performed.
- step S402 If it is determined in step S402 that the received value (ePF0) of the extension packet footer ePF matches the CRC calculation result, the process proceeds to step S403. In step S403, write access is made to the register 637 of the SerDes device 612 on the slave side.
- step S394 If it is determined in step S394 that the Source ID of the SerDes device 612 on the slave side and the Destination SID of the extended packet header ePH do not match, the process proceeds to step S404.
- step S404 in the SerDes device 612 on the slave side, the CCI-FS processing unit 636 sets the Error register [2] (Routing) to 1, and stores the data of the extended packet header ePH and the extended packet footer ePF in the Error-related registers. Store.
- step S398 or S402 If it is determined in step S398 or S402 that the received value (ePF0) of the extension packet footer ePF and the CRC calculation result do not match, the process proceeds to step S405.
- step S405 in the SerDes device 612 on the slave side, the CCI-FS processing unit 636 sets 1 in the Error register (CRC) and stores the data of the extended packet header ePH and the extended packet footer ePF in the Error-related registers.
- CRC Error register
- step S396 or S400 If it is determined in step S396 or S400 that the Message Counter in the SerDes device 612 on the slave side does not match the received value of the Message Counter confirmed from the content of the extended packet header ePH, the process proceeds to step S406. .
- step S406 in the SerDes device 612 on the slave side, the CCI-FS processing unit 636 sets 1 in the Error register (MC) and stores the data of the extended packet header ePH and the extended packet footer ePF in the Error-related registers.
- MC Error register
- FIG. 57 is a flowchart for explaining the Sequence A_Read_Data (during AP) processing performed in step S339 of FIG.
- the processing performed by the application processor 614 will be described as an example, but the Sequence A_Read_Data (when SerDes (Slave)) processing in step S336 of FIG. 52 is performed in the same manner.
- step S411 in the application processor 614, the I2C/I3C master 651 issues a start command and a slave address (Slave Address+W8-bit shown in FIG. 48).
- step S412 the application processor 614 determines whether the I2C/I3C master 651 has received an ACK response from the I2C/I3C slave 644 of the SerDes device 613 on the master side. If it is determined in step S412 that an ACK response has been received from the I2C/I3C slave 644 of the SerDes device 613 on the master side, the process proceeds to step S413.
- step S413 in the application processor 614, the I2C/I3C master 651 issues a start command and slave address (Slave Address+R8-bit shown in FIG. 48) to start the timer.
- start command and slave address Slave Address+R8-bit shown in FIG. 48
- step S414 the application processor 614 determines whether the I2C/I3C master 651 has received an ACK response from the I2C/I3C slave 644 of the SerDes device 613 on the master side. If it is determined in step S414 that an ACK response has been received from the I2C/I3C slave 644 of the SerDes device 613 on the master side, the process proceeds to step S415.
- step S415 in the application processor 614, the I2C/I3C master 651 acquires read data from the opposing I2C/I3C slave 644 on the application processor 614 side.
- step S416 it is determined whether or not the I2C/I3C master 651 of the application processor 614 has transmitted an ACK, and the I2C/I3C slave 644 opposite to the application processor 614 has received an ACK.
- step S416 If it is determined in step S416 that the I2C/I3C master 651 of the application processor 614 has transmitted an ACK and that the I2C/I3C slave 644 on the side of the application processor 614 has received an ACK, the process proceeds to step S417. move on.
- step S417 it is determined whether or not the I2C/I3C master 651 of the application processor 614 has transmitted a NACK following the completion of the final data transfer.
- step S417 If it is determined in step S417 that NACK transmission has been performed, the process proceeds to step S418.
- step S4108 in the application processor 614, the I2C/I3C master 651 issues a stop command. This completes the Sequence A_Read_Data (during AP) process, and the process returns to step S340 in FIG.
- step S417 determines whether NACK transmission has been performed. If it is determined in step S417 that NACK transmission has not been performed, the process proceeds to step S419.
- step S419 in the application processor 614, the I2C/I3C master 651 determines whether the timer started in step S413 has timed out. If it is determined in step S419 that the timer has not timed out, the process returns to step S415, and the same process is repeated thereafter.
- step S419 determines whether the timer has timed out. If it is determined in step S419 that the timer has timed out, the process proceeds to step S420.
- step S420 the application processor 614 sets the Error register (Timeout) to 1, and stores the data of the extended packet header ePH and the extended packet footer ePF in the Error-related registers.
- step S420 After the process of step S420, or if it is determined in step S414 that an ACK response has not been received from the I2C/I3C slave 644 of the SerDes device 613 on the master side, the process proceeds to step S421. Similarly, in step S416, it was determined that the I2C/I3C master 651 of the application processor 614 did not transmit ACK, or that the opposite I2C/I3C slave 644 on the application processor 614 side did not receive ACK. If so, the process proceeds to step S421.
- step S421 in the application processor 614, the I2C/I3C master 651 issues a stop command.
- the Sequence A_Read_Data (during AP) processing ends, and the communication processing itself ends.
- the access timing from the I2C/I3C master 634 to the I2C/I3C slave 621 and the I2C/I3C slave 644 of the SerDes device 613 on the master side are There are three combinations of access timing from the I2C/I3C master 651 to the I2C/I3C slave 644 when outputting (see FIG. 48).
- the first access timing is polling until the read data is acquired, and the I2C/I3C master starts read processing after the read data read preparation is completed.
- the I2C/I3C master starts read processing after a certain period of time has passed.
- the third access timing uses the Clock Stretch method (see FIG. 72, which will be described later), and the I2C/I3C master starts read processing after a certain period of time has passed. There is also a form in which data is sent in pieces (asserting the Clock Stretch Mode signal).
- ⁇ Configuration example of extended packet header ePH> 58 to 60 are diagrams showing configuration examples of the extension packet header ePH.
- FIG. 58 shows a detailed configuration example of the extended packet header ePH0, extended packet header ePH1, and extended packet header ePH2.
- the content of the extended packet header ePH is specified for CCI-FS by diverting the ePH structure in C-PHY and D-PHY.
- FIG. 59 shows a detailed configuration example of the extended packet header ePH3.
- the contents of the extended packet header ePH are defined for CCI-FS.
- FIG. 60 shows a detailed configuration example of the extended DT of the extended packet header ePH.
- "0xC0: For I2C” and "0xC1: For I3C” are added to the data type of the extended packet header ePH to support CCI-FS.
- FIG. 61 shows a configuration example of conventional I2C hardware.
- an I2C configuration example in the case of a bus connection configuration is shown at the time of hardware implementation, and the slave side may be configured to receive AKC/NACK from the host.
- the upper bus configurations do not necessarily match.
- FIG. 62 shows waveforms during data transfer on the I2C bus. Note that the I2C bus standard and CCI (I2C) are equivalent.
- FIG. 63 is a block diagram showing a CCI-related configuration example in a communication system 701 having an A-PHY direct connection configuration, like the communication system 501 shown in FIG. 27 above.
- an image sensor 711 and an application processor 712 are directly connected by A-PHY.
- the image sensor 711 includes an A-PHY processing unit 721, a CSIA processing unit 722, a CSI2 processing unit 523, a CSI2-FS processing unit 724, a CCI processing unit 725, a CCI-FS processing unit 726, a register 727, and a selector 728-1. and 728-2.
- selectors 728-1 and 728-2 are arranged to sandwich the CCI-FS processing unit 726, and enable/disable the CCI-FS processing unit 726 according to the CCI_FS_Enable signal of the register 727. can be done.
- the application processor 712 includes an A-PHY processing unit 731, a CSIA processing unit 732, a CSI2 processing unit 733, a CSI2-FS processing unit 734, a CCI processing unit 735, a CCI-FS processing unit 736, a register 737, and a selector 738-1. and 738-2. As shown, the selectors 738-1 and 738-2 are arranged to sandwich the CCI-FS processing unit 736, and switch enable/disable of the CCI-FS processing unit 736 according to the CCI_FS_Enable signal of the register 737. can be done.
- data is transmitted through the CCI-FS processing unit 726 and the CCI-FS processing unit 736 as indicated by the dashed-dotted arrows. are sent and received.
- the CCI-FS processing unit 726 and CCI-FS processing unit 736 are data is sent to and received from
- FIG. 64 shows an example of network connection form (topology) of A-PHY direct connection configuration and SerDes connection configuration.
- the application processor 801 is directly connected to the image sensor 802 via A-PHY, and the image sensor 802 can configure a connection form that is connected to the sensor 803 via I2C/I3C.
- the application processor 801 is connected to the master-side SerDes device 804 via I2C/I3C, and the master-side SerDes device 804 and the slave-side SerDes device 805 are connected via A-PHY.
- the SerDes device 805 on the slave side can configure a topology that connects to two sensors 806-1 and 806-2 via I2C/I3C.
- FIG. 65 is a block diagram showing an example of the circuit configuration of the CCI-FS processing section.
- a CCIFS processing unit 901 and a register 902 shown in FIG. 65 have a common configuration for the CCI-FS processing units and registers included in each device described above.
- the CCI-FS processing unit 901 has a CCI-FS switch, a register, etc. in the upper layer, and a CCI processing unit in the lower layer.
- the CCI-FS processing section 901 is configured with a CCI-FS transmitting section 911 and a CCI-FS receiving section 912 .
- Various register set value information is supplied from the register 902 to the CCI-FS processing unit 901 , and an error notification is supplied from the CCI-FS processing unit 901 to the register 902 .
- the CCI-FS transmission unit 911 comprises an extended packet header ePH generation unit 921, an extended packet footer ePF generation unit 922, and a Destination Address confirmation unit 923.
- the extended packet header ePH generation unit 921 has an MC generation unit 941 that generates a Message Counter and a Packet Length calculation unit 942 that calculates the packet length.
- the extended packet footer ePF generator 922 has an extended packet footer ePF1 generator 943 that generates the extended packet footer ePF1 and a CRC calculator 944 that calculates the CRC stored in the extended packet footer ePF0.
- the CCI-FS receiving unit 912 comprises an extended packet header ePH confirming unit 931, an extended packet footer ePF confirming unit 932, and a Destination Address confirming unit 933.
- the extended packet header ePH confirmation unit 931 has an MC confirmation unit 951 that confirms the Message Counter, and a Packet Length calculation/confirmation unit 952 that calculates and confirms the packet length.
- the extended packet footer ePF checking unit 932 has an extended packet footer ePF1 checking unit 953 that checks the extended packet footer ePF1, and a CRC calculator 954 that calculates the CRC stored in the extended packet footer ePF0.
- the CCI-FS processing unit 901 uses the CCI-FS transmission unit 911 to confirm the Destination Address of the data from the upper layer, generate the extended packet header ePH and the extended packet footer ePF, add them to the data, and can be supplied to
- the CCI-FS processing unit 901 can confirm the Destination Address of the data from the lower layer by the CCI-FS receiving unit 912, confirm the extended packet header ePH and the extended packet footer ePF, and supply them to the upper layer. can.
- the application processor 614 has a Source ID indicating its own device in the extended packet header ePH of the application processor 614. Then, the CCI-FS processing unit 653 adds the above information and information having a Destination ID indicating a device to be accessed.
- the SerDes device 612 on the slave side and the SerDes device 613 on the master side have Source IDs indicating their own devices, either by presetting them or as unique values.
- the CCI-FS processing unit 636 and the CCI-FS processing unit 646 preset the above information and information having a Destination ID indicating the connected device and the target device.
- the CCI-FS processing unit 636 and the CCI-FS processing unit 646 compare the Destination ID of the received extension packet header ePH with its own ID (Source ID), and indicate access to itself or the target device. (Destination ID). For example, when the Destination ID of the received extension packet header ePH matches its own ID (Source ID), it accesses its own register as an access to the intermediate device (SerDes device). On the other hand, if the Destination ID of the received extension packet header ePH does not match its own ID (Source ID), data is transferred to the connected device (Destination ID) as an access to the subsequent device.
- data is sent based on the Source ID and Destination ID embedded in the extended packet header ePH, the preset or unique value SourceID, and the preset connection destination information to the intermediate device (SerDes device) or target device. and access to the target device.
- the CSI2-FS processing unit 623 of the image sensor 611 accesses its own register as access to the image sensor 611 when the Destination ID of the received extension packet header ePH matches its own ID (Source ID). conduct.
- the Source ID that each device has can use a unique value for each device, a preset value, or a combination thereof.
- FIG. 66 to 68 are diagrams showing detailed configuration examples of the register 902.
- FIG. 66 to 68 are diagrams showing detailed configuration examples of the register 902.
- FIG. 66 shows the details of register 902 from address 0x000 to address 0x109.
- FIG. 67 shows a configuration example in the case of Bridge configuration as details from address 0x110 to address 0x125 of the register 902 .
- FIG. 68 shows Error-related registers as details of address 0x200 of register 902 .
- FIG. 68 shows Error-related registers (debug) as details of addresses 0x300 and 0x400 of register 902 .
- FIG. 68 shows the Error Injection related register (debug) as details of address 0x800 of register 902 .
- FIG. 69 shows a modification of the extended packet header ePH in the packet configuration of the write data generated by the CCI-FS processing unit 536 of the application processor 512 during write access, as described above with reference to FIG. It is shown.
- the extension packet header ePH shown in FIG. 69 differs from the configuration example shown in FIG. 33 described above in the configuration of extension packet header ePH3 and extension packet header ePH4.
- FIG. 70 shows a modification of the extended packet header ePH in the packet configuration of the write data generated in the CCI-FS processing unit 536 of the application processor 512 during read access, as described above with reference to FIG. It is shown.
- the extension packet header ePH shown in FIG. 70 differs from the configuration example shown in FIG. 28 in the configurations of extension packet header ePH3 and extension packet header ePH4.
- Read address information may be stored in the extended packet header ePH or in the AP (CCI) payload.
- the Length information may be stored in the extended packet header ePH or may be stored in the AP (CCI) payload.
- CMD information may be stored in the CCI Command ID of the extended packet header ePH. Based on the CCI Command ID, the start, resume, and end information of the command are referenced.
- CCI Header Length may be used to store CCI information (for example, Slave Address, etc.) in the AP (CCI) payload.
- CCI Header Length is information indicating the header length of the CCI protocol (I2C).
- FIG. 71 is a diagram explaining the flow between the image sensor 511 and the application processor 512 in the A-PHY direct connection configuration as shown in FIG.
- the CCI-FS switch 538 issues read commands and write commands.
- the CCI processing unit 535 converts them into AP (CCI) payloads and supplies them to the A-PHY processing unit 531 .
- the A-PHY processing unit 531 adds an A-PHY header and an A-PHY footer to the AP (CCI) payload, and performs A-PHY transfer to the image sensor 511 .
- the A-PHY processing unit 521 removes the A-PHY header and A-PHY footer and supplies the AP (CCI) payload to the CCI processing unit 525 .
- the CCI processing unit 525 converts the AP (CCI) payload, writes data to the register 527 according to the write command, and reads data from the register 527 according to the read command, based on the contents thereof.
- initial setting of CCI-FS Enable is performed by the CCI processing unit 525, and bus conversion such as register interface and AHB bus is performed. Confirmation of the CCI-FS Enable setting is performed via the CCI processing unit 525 or the CCI-FS processing unit 526 .
- the A-PHY processing unit 521 adds an A-PHY header and an A-PHY footer to the AP (CCI) payload, and performs A-PHY transfer to the application processor 512 .
- the A-PHY processing unit 531 removes the A-PHY header and APHY footer and supplies the AP (CCI) payload to the CCI processing unit 535 .
- the CCI-FS switch 538 performs CCI-FS Enable setting and various CCI-FS related register settings for the register 537 . At this time, the register access depends on the implementation.
- the CCI-FS switch 538 sends a CCI-FS related Set various registers.
- the CCI-FS switch 538 issues a read command.
- the A-PHY processing unit 531 adds an A-PHY header and an A-PHY footer to them and performs A-PHY transfer to the image sensor 511 .
- the CCI-FS processing unit 526 converts the AP (CCI) payload, and reads data from the register 527 according to the read command based on the contents thereof.
- register access depends on the implementation, and bus conversion such as register interface, AHB bus, and CCI interface is performed.
- the A-PHY processing unit 521 adds an A-PHY header and an A-PHY footer to them, and performs A-PHY transfer to the application processor 512 .
- the footer ePF0 is supplied to the CCI-FS processing unit 536.
- I2C/I3C generation by software Slave Address, Register address, Payload, ACK response reception, transmission, various control codes (S, Sr, ACK, NACK, P) are generated by software (for example, GPIO control image).
- I2C/I3C command generation by software CPU issues Slave Address, Register address, Payload in response to ACK reception by CPU bus setting.
- transfer settings and data are set in the I2C/I3C HW IP as I2C/I3C generation in hardware.
- Various control codes are automatically responded by hardware.
- As an I2C/I3C command generation in hardware set data in the transfer setting to HW IP of I2C/I3C and send it by command.
- Various control codes are automatically responded by hardware.
- FIG. 72 is a diagram explaining the flow using the Clock Stretch method in Write access and Read access between the image sensor 611 and the application processor 614 in the SerDes connection configuration as shown in FIG.
- the CCI-FS switch 655 of the application processor 614 supplies the start command and write command (Slave Address+W 8bit) to the CCI processing unit 645 of the master-side SerDes device 613 and asserts the Scl_enb signal.
- the CCI processing unit 645 supplies the write command to the A-PHY processing unit 641, and the A-PHY processing unit 641 adds the A-PHY header and A-PHY footer to the write command. , A-PHY transfer to the SerDes device 612 on the slave side.
- the A-PHY processing unit 631 removes the A-PHY header and A-PHY footer and supplies the write command to the CCI processing unit 635 (Slave).
- the CCI processing unit 635 (Slave) negates the Scl_enb signal and supplies a write command to the CCI processing unit 635 (Master).
- the CCI processing unit 635 that communicates with the SerDes device 613 on the master side and functions as a slave is called a CCI processing unit 635 (Slave), and the CCI processing that communicates with the image sensor 611 side and functions as a master.
- the unit 635 is called a CCI processing unit 635 (master).
- the CCI processing unit 635 (Master) transmits a start command and a write command to the image sensor 611.
- the CCI processing unit 622 receives the start command and the write command and supplies them to the CSI2-FS processing unit 623.
- the CSI2-FS processing unit 623 supplies an ACK response indicating successful reception to the CCI processing unit 622, and the CCI processing unit 622 transmits the ACK response to the SerDes device 612 on the slave side.
- the CCI processing unit 635 (Master) receives the ACK response and the Scl_enb signal is negated from the CCI processing unit 635 (Slave), the ACK response is supplied to the CCI-FS processing unit 636. . After that, the CCI processing unit 635 (Slave) asserts the Scl_enb signal to the CCI processing unit 635 (Master).
- the CCI-FS processing unit 636 supplies the ACK response to the A-PHY processing unit 631.
- the A-PHY processing unit 631 adds an A-PHY header and an A-PHY footer to the ACK response, and performs A-PHY transfer to the SerDes device 613 on the master side.
- the A-PHY processing unit 641 removes the A-PHY header and A-PHY footer and supplies the ACK response to the CCI processing unit 645 .
- the CCI-FS switch 655 of the application processor 614 negates the Scl_enb signal to the CCI processing unit 645
- the CCI processing unit 645 transmits an ACK response to the application processor 614 .
- the CCI processing unit 652 receives the ACK response and supplies it to the CCI-FS switch 655 via the CCI-FS processing unit 653.
- the CCI-FS switch 655 of the application processor 614 supplies the register address (Register Address[7:0]) to the CCI processing unit 645 of the SerDes device 613 on the master side, and asserts the Scl_enb signal.
- the CCI processing unit 645 supplies the register address to the A-PHY processing unit 641, and the A-PHY processing unit 641 adds the A-PHY header and A-PHY footer to the register address. , A-PHY transfer to the SerDes device 612 on the slave side.
- the A-PHY processing unit 631 removes the A-PHY header and A-PHY footer and supplies the register address to the CCI processing unit 635 (Slave).
- the CCI processing unit 635 (Slave) negates the Scl_enb signal and supplies the register address to the CCI processing unit 635 (Master).
- the CCI processor 635 (Master) transmits the register address to the image sensor 611 . After that, the CCI processing unit 635 (Slave) asserts the Scl_enb signal to the CCI processing unit 635 (Master).
- the CCI processing unit 622 receives the register address and supplies it to the CSI2-FS processing unit 623.
- the CSI2-FS processing unit 623 supplies an ACK response indicating successful reception to the CCI processing unit 622, and the CCI processing unit 622 transmits the ACK response to the SerDes device 612 on the slave side.
- the CCI processing unit 635 (Slave) asserts the Scl_enb signal to the CCI processing unit 635 (Master).
- the CSI2-FS processing unit 623 supplies an ACK response indicating successful reception to the CCI processing unit 622, and the CCI processing unit 622 transmits the ACK response to the SerDes device 612 on the slave side.
- the CCI-FS switch 655 of the application processor 614 supplies the write data (Dara0[7:0]) to the CCI processing unit 645 of the SerDes device 613 on the master side and asserts the Scl_enb signal.
- the CCI processing unit 645 supplies the write data to the A-PHY processing unit 641, and the A-PHY processing unit 641 adds an A-PHY header and an A-PHY footer to the write data. , A-PHY transfer to the SerDes device 612 on the slave side.
- the CCI processing unit 645 receives the write data, and supplies the write data to the A-PHY processing unit 641 when the Scl_enb signal is asserted from the CCI-FS switch 655 .
- the CSI2-FS processing unit 653 negates the Scl_enb signal to the CCI processing unit 645 under the control of the CCI-FS switch 655 .
- the A-PHY processing unit 641 adds an A-PHY header and an A-PHY footer to the write data, and performs A-PHY transfer to the SerDes device 612 on the slave side.
- the A-PHY processing unit 631 removes the A-PHY header and A-PHY footer and supplies the write data to the CCI processing unit 635 .
- the CCI processing unit 635 negates the Scl_enb signal and supplies write data to the CCI processing unit 635 (master).
- the CCI processing unit 635 (master) transmits write data to the image sensor 611 .
- the CCI processing unit 635 (Slave) asserts the Scl_enb signal to the CCI processing unit 635 (Master).
- the CCI processing unit 622 receives the write data and supplies it to the CSI2-FS processing unit 623, and the CSI2-FS processing unit 623 writes the write data to the register 624.
- the CSI2-FS processing unit 623 supplies an ACK response indicating that the write data has been successfully written to the CCI processing unit 622, and the CCI processing unit 622 transmits the ACK response to the SerDes device 612 on the slave side.
- the CCI-FS processing unit 653 transmits the extended packet footer ePF0 to the SerDes device 613 on the master side under the control of the CCI-FS switch 655.
- the CCI processing unit 645 receives the extension packet footer ePF0, and when the Scl_enb signal is asserted from the CCI-FS switch 655, supplies the extension packet footer ePF0 to the A-PHY processing unit 641. . After that, the CCI-FS switch 655 negates the Scl_enb signal to the CCI processor 645 .
- the A-PHY processing unit 641 adds an A-PHY header and an A-PHY footer to the extension packet footer ePF0, and performs A-PHY transfer to the SerDes device 612 on the slave side.
- the A-PHY processing unit 631 removes the A-PHY header and A-PHY footer and supplies the extension packet footer ePF0 to the CCI-FS processing unit 636.
- the CCI-FS processing unit 636 negates the Scl_enb signal and supplies the extended packet footer ePF0 to the CCI processing unit 635 (Master).
- the CCI processing unit 635 (master) transmits the extended packet footer ePF0 to the image sensor 611 .
- the CCI processing unit 635 (Slave) asserts the Scl_enb signal to the CCI processing unit 635 (Master).
- the CSI2-FS processing unit 623 receives the extended packet footer ePF0.
- the CSI2-FS processing unit 623 supplies an ACK response indicating successful reception to the CCI processing unit 622, and the CCI processing unit 622 transmits the ACK response to the SerDes device 612 on the slave side.
- the CCI-FS switch 655 of the application processor 614 supplies the repeat start command and read command (Slave Address+R 8bit) to the CCI processing unit 645 of the SerDes device 613 on the master side, and asserts the Scl_enb signal.
- the CCI processing unit 645 supplies the read command to the A-PHY processing unit 641, and the A-PHY processing unit 641 adds the A-PHY header and A-PHY footer to the read command. , A-PHY transfer to the SerDes device 612 on the slave side.
- the A-PHY processing unit 631 removes the A-PHY header and A-PHY footer and supplies the read command to the CCI processing unit 635 (Slave).
- the CCI processing unit 635 (Slave) negates the Scl_enb signal and supplies a read command to the CCI processing unit 635 (Master).
- the CCI processing unit 635 (master) transmits the repeat start command and read command to the image sensor 611 .
- the CCI processing unit 622 receives the repeat start command and read command and accesses the register 624.
- the CCI processing unit 622 transmits an ACK response indicating successful reception to the SerDes device 612 on the slave side.
- the CCI processing unit 622 reads the read data (Data0[7:0]) from the register 624 and transmits it to the SerDes device 612 on the slave side.
- the CCI processing unit 635 (Master) receives the read data and supplies it to the CCI processing unit 635 (Slave), and the CCI processing unit 635 (Slave) performs A-PHY processing on the read data. 631.
- the A-PHY processing unit 631 adds an A-PHY header and an A-PHY footer to the read data, and performs A-PHY transfer to the SerDes device 613 on the master side.
- the A-PHY processing unit 641 removes the A-PHY header and A-PHY footer and supplies the read data to the CCI processing unit 645 , and the CCI processing unit 645 sends the read data to the application processor 614 . Send read data.
- the CCI processing unit 652 receives the read data and supplies it to the CCI-FS switch 655 via the CCI-FS processing unit 653.
- the CCI-FS switch 655 transmits a NACK response and a stop command to the CCI processing section 645.
- the CCI processing section 645 supplies the NACK response and the stop command to the A-PHY processing section 641 .
- the A-PHY processing unit 641 adds an A-PHY header and an A-PHY footer to the NACK response and stop command, and performs A-PHY transfer to the SerDes device 612 on the slave side.
- the A-PHY processing unit 631 removes the A-PHY header and A-PHY footer and supplies the NACK response and stop command to the CCI processing unit 635 (Slave).
- the CCI processing unit 635 (Slave) supplies the NACK response and the stop command to the CCI processing unit 635 (Master), and the CCI processing unit 635 (Master) transmits the NACK response and the stop command to the image sensor 611 .
- the CCI processing unit 622 receives the NACK response and the stop command and supplies them to the CSI2-FS processing unit 623.
- I2C control commands such as start, repeat start, ACK response, NACK response, and stop are assigned to a 1-byte Payload by setting the Control Code Indicator of the extended packet header ePH0 to 1. shows each code.
- FIG. 73 is a block diagram showing a configuration example of the configuration in which the image sensor 211 shown in FIG. In the image sensor 211 shown in FIG. 73, the same components as those of the image sensor 211 shown in FIG.
- CCI-FS processing unit 1001 is arranged between CCI slave 224 and register 47, and MUX units 1002-1 and 1002-2 are arranged so as to sandwich CCI-FS processing unit 1001.
- MUX units 1002-1 and 1002-2 transmit and receive data via CCI-FS processing unit 1001 when CCI-FS processing unit 1001 is enabled according to the cci_fs_en signal supplied from register 47.
- MUX units 1002-1 and 1002-2 transmit and receive data without going through CCI-FS processing unit 1001 when CCI-FS processing unit 1001 is disabled according to the cci_fs_en signal supplied from register 47. do.
- FIG. 74 is a block diagram showing a configuration example in which the application processor 214 shown in FIG. In the application processor 214 shown in FIG. 74, components common to those of the application processor 214 shown in FIG.
- CCI-FS processing unit 1101 is arranged between CCI master 254 and register 73, and MUX units 1102-1 and 1102-2 are arranged so as to sandwich CCI-FS processing unit 1101. .
- the MUX units 1102-1 and 1102-2 transmit and receive data via the CCI-FS processing unit 1101 according to the cci_fs_en signal supplied from the register 73 when the CCI-FS processing unit 1101 is enabled.
- the MUX units 1102-1 and 1102-2 transmit and receive data without going through the CCI-FS processing unit 1101 when disabling the CCI-FS processing unit 1101 according to the cci_fs_en signal supplied from the register 73. do.
- the following configuration may be adopted for the method of implementing each field in the configuration of the extended packet header ePH.
- the extended VC shall not be used in Safe CCI. (The same structure is used to match the header field with the extension header related in MIPI)
- ⁇ In the extension DT it may be embedded in the command related information of the bus from the upper level, or the signal line setting from the register setting is implemented. may be configured. ⁇ The protocol is described in I2C, but the same can be done in I3C SDR mode.
- FIG. 75 A fourth embodiment of a communication system to which the present technology is applied will be described with reference to FIGS. 75 to 117.
- FIG. 75 A fourth embodiment of a communication system to which the present technology is applied will be described with reference to FIGS. 75 to 117.
- FIG. 75 is a block diagram of a communication system according to the fourth embodiment.
- FIG. 75A shows a communication system 1201 as a first variation
- FIG. 75B shows a communication system 1201A as a second variation.
- a communication system 1201 shown in A of FIG. 75 is configured by directly connecting an image sensor 1211 and an application processor 1212 .
- the ALL layer 1222 is arranged on the A-PHY layer 1221, and the CSI-2 transmission section 1223 and the CSI extension section 1224, and the CCI slave 1225 and the CCI extension section 1226 are arranged thereon. It is configured.
- the image sensor 1211 can support extended standards by providing a CSI extension unit 1224 for the CSI-2 transmission unit 1223 and a CCI extension unit 1226 for the CCI slave 1225. becomes.
- the application processor 1212 has an ALL layer 1232 placed above the A-PHY layer 1231, above which are placed a CSI-2 receiver 1233 and a CSI extension 1234, and a CCI master 1235 and a CCI extension 1236. It is configured.
- the application processor 1212 can support extended standards by providing a CSI extension unit 1234 for the CSI-2 reception unit 1233 and a CCI extension unit 1236 for the CCI master 1235. becomes.
- CSI extensions may also be referred to as Camera Service Extensions (CSE).
- a communication system 1201A shown in FIG. 75B is configured by connecting a display 1213 and an application processor 1212A.
- the application processor 1212A is configured with a DSI-2 transmission unit 1233A and a DSI extension unit 1234A instead of the CSI-2 reception unit 1233 and the CSI extension unit 1234 of the application processor 1212 of A of FIG.
- Other blocks have a common configuration with the application processor 1212 .
- a display 1213 has an ALL layer 1242 arranged on an A-PHY layer 1241, and a DSI-2 receiving section 1243 and a DSI extension section 1244 as well as a CCI slave 1245 and a CCI extension section 1246 arranged thereon. It has become.
- the display 1213 can correspond to the extended standards by providing a DSI extension section 1244 for the DSI-2 reception section 1243 and a CCI extension section 1246 for the CCI slave 1245. Become.
- DSI extensions may also be referred to as Display Service Extensions (DSE).
- the communication systems 1201 and 1201A configured in this way perform high-speed data transmission for transmitting data of frames including image data in one direction, and low-speed command transmission for transmitting commands related to high-speed data transmission in the opposite direction (however, Transmission of the command itself may be referred to as command transmission, and transmission of a response to the command may be referred to as command transmission).
- Transmission of the command itself may be referred to as command transmission
- transmission of a response to the command may be referred to as command transmission
- high-speed data transmission start instruction requesting the start of high-speed data transmission is transmitted, but this need not be the case.
- high-speed data transmission is faster than low-speed command transmission, and is started in response to the reception of a high-speed data transmission start command, but this need not be the case.
- the communication system 1201 in which the communication partner of the application processor 1212 is the image sensor 1211 and the communication system 1201A in which the communication partner of the application processor 1212A is the display 1213 differ in the direction of high-speed data transmission and low-speed command transmission. That is, image data is transmitted from the image sensor 1211 to the application processor 1212 in the communication system 1201, and image data is transmitted from the application processor 1212A to the display 1213 in the communication system 1201A.
- A-PHY In the physical layer standard A-PHY, high-speed data transmission and low-speed command transmission are transmitted partially or entirely through a common communication path.
- A-PHY also enables part or all of the power supply from the application processor 1212 to the image sensor 1211 and the power supply from the application processor 1212A to the display 1213 to be transmitted via a common communication path. Support options.
- low-speed command transmission conforms to CCI of the CSI-2 standard, for example, and communication is performed based on the I2C or I3C standard.
- the low-speed command transmission uses not only the independent physical layer of I2C or I3C, but also part or all of the physical layer of D-PHY, C-PHY, and A-PHY to transmit the command.
- high-speed data transmission transmits data through some or all of the physical layers of D-PHY, C-PHY, and A-PHY.
- commands are transmitted through part or all of the physical layer of either D-PHY or C-PHY. It is possible to That is, high-speed data transmission and low-speed command transmission can be transmitted partially or wholly through any one of D-PHY, C-PHY, A-PHY, I2C, and I3C physical layers.
- USB Unified Serial Link
- FIG. 75 a configuration example including application processors 1212 and 1201A has been described, but the communication systems 1201 and 1201A may be configured including an electronic control unit (ECU), for example.
- the processor is not limited to the application processor 1212 as long as it can communicate with the image sensor 1211, the display 1213, or the like through direct connection or indirect connection.
- a configuration including various sensors other than the image sensor 1211 may be employed.
- Communication systems 1201 and 1201A configured in this manner employ a method of transmitting nonce values or an initialization vector configuration including nonce values as described below.
- certain symmetric-key cryptographic algorithms eg, AES-GCM/GMAC
- AES-GCM/GMAC symmetric-key cryptographic algorithms
- the rules for setting initialization vectors and nonce values are agreed in advance between the image sensor 1211 and the application processor 1212 or between the display 1213 and the application processor 1212A.
- the present technology provides a method of transmitting a nonce value or an initialization vector configuration including a nonce value suitable for an imaging device that conforms to the CSI standard, including the image sensor 1211, or a display device that conforms to the DSI standard, including the display 1213. disclose.
- FIG. 76 is a block diagram showing a detailed configuration example of the image sensor 1211. As shown in FIG.
- the image sensor 1211 includes pixels 1301, an AD converter 1302, an image processing unit 1303, an extension mode compatible CSI-2 transmission circuit 1304, a physical layer processing unit 1305, an I2C/I3C slave 1306, a storage unit 1307, a message counter 1308, and a nonce update. It is composed of a unit 1309 and a security unit 1310 . Note that the pixel 1301, AD converter 1302, image processing unit 1303, extended mode compatible CSI-2 transmission circuit 1304, physical layer processing unit 1305, I2C/I3C slave 1306, and storage unit 1307 are similar to those of the other embodiments described above. are configured in the same manner as corresponding blocks in , and detailed description thereof will be omitted.
- the message counter 1308 updates the message count value within the image sensor 1211 each time an extension packet that satisfies a predetermined count condition is transmitted.
- the security unit 1310 derives a session key in the image sensor 1211 and provides first protection data (e.g., integrity computation value computed to protect integrity, confidentiality protection) of data transmitted at high speed data. (encrypted data for the session) is generated using the session key.
- first protection data e.g., integrity computation value computed to protect integrity, confidentiality protection
- the nonce update unit 1309 updates the nonce (number used once) value in the image sensor 1211 each time the security unit 1310 generates the first protection data.
- the image sensor 1211 configured in this manner performs high-speed data transmission of part or all of the nonce value and part or all of the message count value to the application processor 1212 .
- some or all of the nonce values may be count values or random numbers.
- Part or all of the nonce value is stored outside the extension packet header and transmitted, and the image data is stored and transmitted within the packet data.
- the message counter 1308 and the nonce updater 1309 may be configured separately or integrally.
- updating of the nonce value and message count value can be asynchronous. This allows greater flexibility in the nonce value and message count value.
- the message counter 1308 and the nonce updater 1309 are integrated, updating of the nonce value and the message count value can be synchronized.
- the bit width of the message counter 1308 can be saved by sharing the message count value with part or all of the nonce value. That is, the message counter 1308 may be part or all of the nonce update unit 1309, and part or all of the nonce update unit 1309 may be shared.
- FIG. 77 is a block diagram showing a detailed configuration example of the application processor 1212. As shown in FIG.
- the application processor 1212 comprises a physical layer processing unit 1321, an extended mode compatible CSI-2 receiving circuit 1322, an I2C/I3C master 1323, a storage unit 1324, a data verification unit 1325, a security unit 1326, and a controller 1327.
- the physical layer processing unit 1321, the extended mode compatible CSI-2 receiving circuit 1322, the I2C/I3C master 1323, and the storage unit 1324 are configured in the same manner as the corresponding blocks in the other embodiments described above. detailed description is omitted.
- the data verification unit 1325 verifies the validity of the nonce value or message count value transmitted from the image sensor 1211 to the application processor 1212 .
- the security unit 1326 derives a session key within the application processor 1212 corresponding to the session key within the image sensor 1211, and uses the session key within the application processor 1212 to verify the first protected data of the image data (integrity verification). ) or decrypt.
- the data verification unit 1325 can verify the continuity when the data to be verified is a count value. Further, the data verification unit 1325 may be configured to include a counter, and comparison verification may be performed by updating the count value in the same manner as the image sensor 1211 . In addition, when the data to be verified is a random number, the data verification unit 1325 may verify its randomness. Note that the data verification unit 1325 includes a nonce update unit 1309 (or a message counter), which may be used to verify or decrypt the first protected data, and may be used to verify data to be verified. .
- the image sensor 1211 and application processor 1212 can be configured to be mounted on a desired mobile device.
- the mobile device may be a portable mobile device, such as a mobile phone, smart phone, digital camera, game device, or the like.
- the mobile device may be a propulsion device, and may be, for example, a vehicle, robot, drone, or the like capable of propulsion (any of movable, running, walking, flying, etc.).
- the mobile device may be an autonomous vehicle, an autonomous robot, an autonomous drone, or the like, which is equipped with an AI (Artificial Intelligence) function and capable of autonomous propulsion.
- the propulsion of the propulsion device may be controlled by the user of the propulsion device, and the propulsion device may provide instructions or warnings to the user as necessary.
- the propulsion device may be configured such that the propulsion device automatically controls the propulsion of the propulsion device.
- the security units 1310 and 1326 may each include, for example, a security calculation unit that performs calculations for protecting image data. Therefore, the security units 1310 and 1326 perform encryption operation, decryption operation, hash value operation, message authentication code operation, digital signature operation, ID (identification) authentication, firmware measurement, encryption session key establishment, and so on. , key exchange, key update, etc.
- any one of the security units 1310 and 1326, the nonce update unit 1309, the message counter 1308, and the data verification unit 1325 can be configured to be electrically directly connected to the memory.
- This memory may be electrically connected directly to the register, and any one of security units 1310 and 1326, nonce update unit 1309, message counter 1308, and data verification unit 1325 is electrically connected directly to the register.
- the memory may be memory that is protected from either disclosure or tampering with information in memory. Such memories and registers are used as storage units 1307 and 1324, respectively.
- Storage units 1307 and 1324 store key information (for example, pre-shared key, secret key, public key, or session key), certificates (for example, root certificate, intermediate certificate, or leaf certificate), encryption algorithm Any such information may be stored.
- Storage units 1307 and 1324 store function information of the image sensor 1211 or application processor 1212, ID information of the image sensor 1211 or application processor 1212 (for example, source ID, destination ID, final destination ID, etc.), image sensor 1211 or application processor 1212 firmware information may be stored.
- Storage units 1307 and 1324 store session information (for example, session ID), calculation values of the security calculation unit (for example, initial value, intermediate value, or final value), initialization vector, nonce value, and message count value, which will be described later. , frame number (frame count value), or the like may be stored.
- any one of the security units 1310 and 1326, the nonce update unit 1309, the message counter 1308, and the data verification unit 1325 for example, the image sensor 1211 or the application processor 1212 can generate multiple nonce values, count values, and integrity calculation values. , encrypted information, etc., in the storage unit 1307 or 1324, it becomes possible to determine the presence or absence of a problem, and to take appropriate measures (for example, a request to resend data at the problem location, an abnormal message, etc.). transmission) is also possible. Also, if any of the nonce value, the count value, the integrity calculation value, the encrypted information, etc. is periodically saved in the protected storage unit 1307 or 1324, even if an accident of the mobile device occurs, In addition, the analysis of the protected storage unit 1307 or 1324 has the effect of facilitating identification of the cause of the accident.
- Requesters and responders ie application processor 1212 and image sensor 1211, can have one or more communication channels depending on the session.
- a session will be described below using an example configuration in which the application processor 1212 is the requester and the image sensor 1211 is the responder.
- application processor 1212 may be the responder and image sensor 1211 may be the requester.
- a session provides either encryption or message authentication, or both.
- a session includes, for example, three phases: a session handshake phase, an application phase, and a session termination phase.
- the session handshake stage starts with a key exchange request (either PSK_EXCHANGE or KEY_EXCHANGE) from the requester, derives a session key such as a session secret or an encryption key, and uses the session key to protect communications.
- the purpose of this stage may be to first build trust between the responder and the requestor before either side sends application data (eg, image data). Additionally, some degree of handshake integrity and synchronicity with the derived handshake secret may be guaranteed.
- the session may end immediately and proceed to session termination.
- a successful handshake is terminated, for example, by a finish response (FINISH_RSP or PSK_FINISH_RSP) from the responder and the application phase begins.
- a session reaches the application stage, where either the responder or the requestor may send application data once the handshake is complete and all validations have passed.
- the application phase ends, for example, when an end request (END_SESSION) is issued by the requester or when an error occurs.
- the next stage is the session termination stage.
- the session termination phase for example, is just an internal phase and there are no explicit messages sent or received. Both the requestor and responder discard or clean up session keys, such as all derived session secrets and encryption keys, when the session ends. Requestors and responders may have other internal data associated with this session that they may also wish to clean up.
- the session secret is used, for example, to derive the encryption key and salt used in the AEAD (Authenticated Encryption with Additional Data) function. Encryption key derivation may frequently use HMAC as defined in RFC2104 and HKDF-Expand described in RFC5869.
- a session secret may consist of a single secret or multiple types of secrets.
- a session key may consist of a single key or multiple types of keys.
- FIG. 78 is a flowchart describing a first processing example of communication processing.
- the extended mode compatible CSI-2 receiving circuit 1322 of the application processor 1212 has the functions of a CCI host (requester) and a CSI-2 host.
- the extension mode compatible CSI-2 transmission circuit 1304 of the image sensor 1211 has the functions of a CCI device (responder) and a CSI-2 device.
- the CCI host sends a request message to the CCI device, and upon receipt, the CCI device sends a response message to the CCI host.
- step S501 a GET_VERSION request and a VERSION response are made between the CCI host of the extended mode compatible CSI-2 receiving circuit 1322 and the CCI device of the extended mode compatible CSI-2 transmitting circuit 1304.
- the extended mode compatible CSI-2 receiving circuit 1322 acquires the SPDM (Security Protocol and Data Model) version of the endpoint.
- step S502 a GET_CAPABILITIES request and a CAPABILITIES response are made between the CCI host of the extended mode compatible CSI-2 receiving circuit 1322 and the CCI device of the extended mode compatible CSI-2 transmitting circuit 1304. Thereby, the extended mode compatible CSI-2 receiving circuit 1322 acquires the SPDM function of the endpoint.
- step S503 a NEGOTIATE_ALGORITHMS request and an ALGORITHMS response are made between the CCI host of the extended mode compatible CSI-2 receiving circuit 1322 and the CCI device of the extended mode compatible CSI-2 transmitting circuit 1304.
- the extended mode compatible CSI-2 receiving circuit 1322 negotiates with the extended mode compatible CSI-2 transmitting circuit 1304 on the encryption algorithm.
- step S504 a PSK_EXCHANGE request and a PSK_EXCHANGE_RSP response are made between the CCI host of the extended mode compatible CSI-2 receiving circuit 1322 and the CCI device of the extended mode compatible CSI-2 transmitting circuit 1304.
- extended mode compatible CSI-2 receiving circuit 1322 and extended mode compatible CSI-2 transmitting circuit 1304 derive session keys for CCI such as session secrets and encryption keys.
- step S505 a PSK_FINISH request and a PSK_FINISH_RSP response are made between the CCI host of the extended mode compatible CSI-2 receiving circuit 1322 and the CCI device of the extended mode compatible CSI-2 transmitting circuit 1304. This proves to the responder that the extension mode compatible CSI-2 receiving circuit 1322 knows the PSK (PSK: Pre-shared key) and that the session key for CCI derived in step S504 is correct.
- PSK PSK: Pre-shared key
- step S506 a PSK_EXCHANGE request and a PSK_EXCHANGE_RSP response are made between the CCI host of the extended mode compatible CSI-2 receiving circuit 1322 and the CCI device of the extended mode compatible CSI-2 transmitting circuit 1304.
- extended mode CSI-2 receiving circuit 1322 and extended mode CSI-2 transmitting circuit 1304 derive session keys for CSI-2 such as session secrets and encryption keys.
- step S507 a PSK_FINISH request and a PSK_FINISH_RSP response are made between the CCI host of the extended mode compatible CSI-2 receiving circuit 1322 and the CCI device of the extended mode compatible CSI-2 transmitting circuit 1304. This proves to the responder that the extension mode compatible CSI-2 receiving circuit 1322 knows the PSK (PSK: Pre-shared key) and that the session key for CSI-2 derived in step S506 is correct.
- PSK PSK: Pre-shared key
- the proof of the session key in steps S505 and S507 is realized by the MAC value calculated from the requester's finished_key and the message of this session.
- the session keys derived in steps S504 and S506 are then used to protect subsequent CCI and CSI-2 communications.
- step S508 the extended mode compatible CSI-2 receiving circuit 1322 supplies the CSI-2 session secret, session key, algorithm, and other parameters from the CCI host to the CSI-2 host.
- step S509 the extended mode compatible CSI-2 transmission circuit 1304 supplies the CSI-2 session secret, session key, algorithm, and other parameters from the CCI device to the CSI-2 device.
- step S510 the CSI-2 device of the extended mode compatible CSI-2 transmitting circuit 1304 transmits image data to the extended mode compatible CSI-2 receiving circuit 1322 of the CSI-2 host by high-speed data communication. For example, high-speed data communication continues until it is time to update the session key for CSI-2.
- step S511 the extended mode compatible CSI-2 receiving circuit 1322 supplies a trigger for updating the CSI-2 session key from the CSI-2 host to the CCI host.
- a CSI-2 device or a CCI device may provide a trigger to the CCI host, or a CCI host may provide a self-trigger to the CCI host.
- a KEY_UPDATE request and a KEY_UPDATE_ACK response are made between the CCI host of the extended mode compatible CSI-2 receiving circuit 1322 and the CCI device of the extended mode compatible CSI-2 transmitting circuit 1304. This updates the session key and discards part of the old session key. Note that when the session key is composed of multiple types of keys (request direction key, response direction key, etc.), some or all of them may be updated.
- a KEY_UPDATE request may also be issued by a responder using the GET_ENCAPSULATED_REQUEST mechanism described below.
- step S513 the same processing as step S512 is performed, and the KEY_UPDATE request and KEY_UPDATE_ACK response are performed twice. As a result, the rest (all) of the old session keys that have not been discarded by the process of step S512 alone are discarded.
- step S514 the extended mode compatible CSI-2 receiving circuit 1322 supplies the CSI-2 session secret, session key (after update), algorithm, and other parameters from the CCI host to the CSI-2 host. .
- step S515 in the extended mode compatible CSI-2 transmission circuit 1304, the CCI device supplies the CSI-2 device with a session secret for CSI-2, a session key (after updating), an algorithm, and other parameters. .
- step S516 as in step S510, transmission of image data by high-speed data communication is started, and the same processes as in steps S510 to S515 are repeated.
- the session key for CCI and the session key for CSI-2 are different, and the session ID for CCI and for CSI-2 are different. and CSI-2 have different session secrets.
- the session key for CCI and the session key for CSI-2 may be the same.
- the session ID may be the same for both CCI and CSI-2, and the session secret may be the same for CCI and CSI-2.
- FIG. 79 is a flowchart describing a second processing example of communication processing.
- steps S521 to S523 processing similar to steps S501 to S503 in FIG. 78 is performed.
- step S524 a PSK_EXCHANGE request and a PSK_EXCHANGE_RSP response are made between the CCI host of the extended mode compatible CSI-2 receiving circuit 1322 and the CCI device of the extended mode compatible CSI-2 transmitting circuit 1304.
- the same session secret is derived for CCI and CSI-2.
- the session key for CCI and the session key for CSI-2 can be derived from the same session secret.
- the session key for uplink and the session key for downlink (reverse direction of uplink) may be derived from the same session secret.
- a common session key for CCI and CSI-2 may be derived from the same session secret. Even if the session is the same for CCI and for CSI-2, the session secret, session key, etc. may be different between for CCI and for CSI-2.
- steps S525 to S534 the same processing as steps S507 to S516 in FIG. 78 is performed.
- the pre-shared key PSK key exchange scheme provides options for the requestor and responder to perform mutual authentication and session key establishment with symmetric key cryptography. This option is especially useful for endpoints that do not support asymmetric key cryptography or certificate processing. This option can also be leveraged to expedite session key establishment even when asymmetric key cryptography is supported. This option requires the requestor and responder to have prior knowledge of a common PSK prior to the handshake.
- PSK functions as a basis for mutual authentication credentials and session key establishment. As such, only the two endpoints and potentially trusted third parties provisioning PSKs to the two endpoints may know the value of the PSK.
- a requestor may be paired with multiple responders. Similarly, a responder may be paired with multiple requestors. A requestor and responder pair may be provisioned with one or more PSKs.
- An endpoint may act as a requester for one device and at the same time as a responder for another device.
- the transport layer needs to identify the peer and establish communication between the two endpoints before PSK-based session key exchange can begin.
- a PSK may be provisioned within a trusted environment, such as during a secure manufacturing process.
- a PSK may be agreed between two endpoints using a secure protocol in an untrusted environment.
- the provisioned PSK size is determined by the security strength requirements of the application, but should be at least 128 bits, preferably at least 256 bits.
- endpoint capabilities and supported algorithms may be communicated to peers. Therefore, the SPDM commands GET_CAPABILITIES and NEGOTIATE_ALGORITHMS are not required during session key establishment using the PSK option.
- PSK_EXCHANGE/PSK_EXCHANGE_RSP PSK_FINISH/PSK_FINISH_RSP.
- the PSK_EXCHANGE message includes the role of prompting the responder to obtain a specific PSK, the role of exchanging context between the requester and responder, and the requester's role that the responder knows the correct PSK and has derived the correct session key. There are three roles: the role of proving.
- FIG. 80 is a flowchart describing a third processing example of communication processing.
- steps S541 to S543 processing similar to steps S501 to S503 in FIG. 78 is performed.
- step S544 a GET_DIGESTS request and a DIGESTS response are made between the CCI host of the extended mode compatible CSI-2 receiving circuit 1322 and the CCI device of the extended mode compatible CSI-2 transmitting circuit 1304.
- the extended mode compatible CSI-2 receiving circuit 1322 acquires the certificate chain digest from the extended mode compatible CSI-2 transmitting circuit 1304 .
- step S545 a GET_CERTIFICATE request and a CERTIFICATE response are made between the CCI host of the CSI-2 receiving circuit 1322 supporting extended mode and the CCI device of the CSI-2 transmitting circuit 1304 supporting extended mode.
- the extended mode compatible CSI-2 receiving circuit 1322 acquires the certificate chain from the extended mode compatible CSI-2 transmitting circuit 1304 . It should be noted that acquisition of the certificate chain may be executed multiple times.
- step S546 a CHALLENGE request and a CHALLENGE_AUTH response are made between the CCI host of the extended mode compatible CSI-2 receiving circuit 1322 and the CCI device of the extended mode compatible CSI-2 transmitting circuit 1304. This allows the extended mode CSI-2 receiving circuit 1322 to authenticate the extended mode CSI-2 transmitting circuit 1304 through the challenge-response protocol.
- This initiates a handshake between the requestor and responder for the purpose of authenticating the responder (or optionally both parties).
- Encryption parameters are then negotiated in addition to what was negotiated in the final NEGOTIATE_ALGORITHMS/ALGORITHMS exchange, and shared key information is established.
- step S548 the CCI host of the extended mode compatible CSI-2 receiving circuit 1322 transmits GET_ENCAPSULATED_REQUEST to the extended mode compatible CSI-2 transmitting circuit 1304 CCI device.
- step S549 the CCI device of the extended mode compatible CSI-2 transmitting circuit 1304 transmits ENCAPSULATED_REQUEST (GET_DIGESTS request) to the extended mode compatible CSI-2 receiving circuit 1322 CCI host.
- ENCAPSULATED_REQUEST GET_DIGESTS request
- step S550 the CCI host of the extended mode compatible CSI-2 receiving circuit 1322 transmits DELIVER_ENCAPSULATED_RESPONSE (DIGESTS response) to the extended mode compatible CSI-2 transmitting circuit 1304 CCI device.
- DIGESTS response DELIVER_ENCAPSULATED_RESPONSE
- the CCI device of the extended mode compatible CSI-2 transmitting circuit 1304 acquires the certificate chain digest from the CCI host of the extended mode compatible CSI-2 receiving circuit 1322 .
- step S551 the CCI device of the extended mode compatible CSI-2 transmitting circuit 1304 transmits ENCAPSULATED_RESPONSE_ACK (GET_CERTIFICATE request) to the extended mode compatible CSI-2 receiving circuit 1322 CCI host.
- ENCAPSULATED_RESPONSE_ACK GET_CERTIFICATE request
- step S552 the CCI host of the extended mode compatible CSI-2 receiving circuit 1322 transmits DELIVER_ENCAPSULATED_RESPONSE (CERTIFICATE response) to the extended mode compatible CSI-2 transmitting circuit 1304 CCI device.
- the CCI device (responder) may obtain the certificate chain from the CCI host (requestor). Note that this process may be executed multiple times.
- step S553 the CCI device of the extended mode compatible CSI-2 transmitting circuit 1304 transmits ENCAPSULATED_RESPONSE_ACK to the extended mode compatible CSI-2 receiving circuit 1322 CCI host.
- step S554 a FINISH request and a FINISH_RSP response are made between the CCI host of the CSI-2 receiving circuit 1322 supporting extended mode and the CCI device of the CSI-2 transmitting circuit 1304 supporting extended mode. This completes the handshake between the CCI host of the extended mode compatible CSI-2 receiving circuit 1322 and the CCI device of the extended mode compatible CSI-2 transmitting circuit 1304 initiated by the KEY_EXCHANGE request in step S547.
- step S555 a GET_MEASUREMENTS request and a MEASUREMENTS response are made between the CCI host of the extended mode compatible CSI-2 receiving circuit 1322 and the CCI device of the extended mode compatible CSI-2 transmitting circuit 1304.
- the CCI host of the extended mode compatible CSI-2 receiving circuit 1322 acquires the measurement data from the CCI device of the extended mode compatible CSI-2 transmitting circuit 1304 .
- the GET_MEASUREMENTS request may be issued by the responder using the GET_ENCAPSULATED_REQUEST mechanism described above.
- other requests may be issued from the responder using the GET_ENCAPSULATED_REQUEST mechanism described above.
- the extended packet consists of a packet header PH, an extended packet header ePH, packet data, an extended packet footer ePF, and a packet footer PF.
- An extension packet configured in this way can be used to specify frame start, embedded data, image data, user-defined data, frame end, write command (CCI Write), read command (CCI Read), and read response (CCI Read return value). Can be configured. Some or all of the packet header PH, extended packet header ePH, packet data, extended packet footer ePF, and packet footer PF may be omitted. That is, a packet configuration including at least an extended packet header ePH and packet data is defined as an extended packet.
- any of the extended packet header ePH, packet data, or extended packet footer ePF may not be received normally (messages may be lost) due to noise, interference, or attacks. Therefore, it is desirable to store a verification packet for verifying the integrity of the extension packet header ePH, the packet data, and the extension packet footer remainder ePF1 in the extension packet footer end ePF0.
- CRC32 of a cyclic redundancy check which is a kind of error detection code, is used.
- Packet data can be used for the packet to be verified.
- an extended packet header and packet data can be used for the packet to be verified.
- packet data and extended packet footer rest (ePF1) can be used for the packet to be verified.
- the packet to be verified can use the extended packet header, packet data and extended packet footer rest (ePF1). At least the packet data is protected by such a verified packet.
- the image sensor 1211 includes a second protection unit (eg, CRC calculation unit) that generates second protection data (eg, CRC calculation value) of packet data without using a session key.
- the second protected data is stored, for example, in an extended packet footer ePF for high speed data transmission. That is, within the frame start, embedded data, image data, user-defined data, frame end, write command (CCI Write), read command (CCI Read), read response (CCI Read return value), etc. is stored in either
- Security features may be defined for extended packet footers ePF1 and ePF0.
- the image sensor 1211 may include a security calculation unit (for example, an encryption calculation unit, a decryption calculation unit, a hash value calculation unit, a message authentication code calculation unit, and a digital signature calculation unit).
- the result of the security calculation (eg hash value, message authentication code, digital signature) may then be stored in the extended packet footer ePF.
- the result of the security operation may be stored only within the extended packet footer ePF1 rather than within the extended packet footer ePF0, or may be stored outside the extended packet footer rather than within the extended packet footer (e.g., embedded in the data or in the read response).
- a security calculation unit included in the image sensor 1211 is included in the security unit 1310 .
- GMAC GaloisMAC
- CMAC Cipher-based MAC
- HMAC Hash-based MAC
- MAC message authentication code
- AES-GMAC AES-GMAC
- AES-CMAC SHA2-HMAC
- SHA3-HMAC SHA3-HMAC
- AES Advanced Encryption Standard
- SHA Secure Hash Algorithm
- the extended packet footer for example, either the packet data as the packet to be verified, or the extended packet header and the packet data as the packet to be verified, a hash (especially a cryptographic hash) value, a message authentication code, a digital signature, etc. of security information may be stored. In that case, it is possible to provide further resistance to malicious tampering by an attacker.
- a CRC of a cyclic redundancy check which is a type of error detection code, may be stored in the extension packet footer "ePF1" or "ePF1 and ePF0".
- an integrity calculation value for example, second 1 protected data, 2nd protected data
- the CRC can be used for functional safety and its integrity can be used to prevent hardware failures from going undetected.
- the integrity of security functions can be used to detect intentional interference or attacks. That is, the security calculation unit calculates an integrity calculation value based on encryption, and the CRC calculation unit calculates an integrity calculation value not based on encryption.
- the application processor 1212 can verify the integrity of the packet to be verified, for example, by using the verification packet.
- it is determined to be abnormal for example, transmission of a request message requesting retransmission of a packet including a packet to be verified and a verification packet, transmission of a request message inquiring of the image sensor 1211 whether there is an abnormality in the image sensor 1211, transmission of a request message to the image sensor 1211, Send a request message requesting the image sensor 1211 to stop part or all of the functions of 1211, stop the propulsion device, change the propulsion control of the propulsion device, change the priority data used for propulsion control, etc. may be performed.
- the integrity calculation value is stored, for example, in embedded data, image data (packet data), user-defined data, a write command, a read command, a read response, or the like.
- the integrity computation value may not be stored in the extended packet footer.
- the computed completeness values may be stored per image frame rather than per image line, in which case the completeness is computed efficiently.
- the integrity calculation value is stored, for example, in the embedded data or in the read response after the image data has been sent.
- the expansion packet shown in A of FIG. 81 is an expansion packet in which the calculation value obtained by the security calculation using the verification packet is stored with the expansion packet header ePH, the packet data, and the expansion packet footer remainder ePF1 as the verification packet.
- This is a configuration example in which ePF0 at the end of the footer is a verification packet.
- the extension packet shown in B of FIG. 81 uses the packet data and the remainder of the extension packet footer ePF1 as the packet to be verified, and the extension packet footer end ePF0 that stores the calculated value obtained by the security calculation using the packet to be verified is used for verification.
- This is a configuration example of a packet.
- the expansion packet shown in C of FIG. 81 is a verification packet with the expansion packet header ePH and packet data as the verification packet, and the expansion packet footer end ePF0 storing the calculated value obtained by the security calculation using the verification packet. This is a configuration example.
- the expansion packet shown in D of FIG. 81 is a configuration example in which the packet data is the packet to be verified, and ePF0 at the end of the expansion packet footer storing the calculated value obtained by the security calculation using the packet to be verified is the verification packet. It's becoming
- the expansion packet shown in A of FIG. 82 is a verification packet with the expansion packet header ePH and packet data as the verification packet, and the expansion packet footer remainder ePF1 storing the calculated value obtained by the security calculation using the verification packet. This is a configuration example.
- the extension packet shown in B of FIG. 82 is an extension packet footer remainder ePF1 and an extension packet footer in which calculation values obtained by security calculation using the extension packet header ePH and packet data are stored as a verification packet.
- This is a configuration example in which the tail ePF0 is a verification packet.
- the expansion packet shown in FIG. 82C is a configuration example in which the packet data is the packet to be verified, and the expansion packet footer remainder ePF1 storing the calculated value obtained by the security calculation using the packet to be verified is the verification packet. It's becoming
- the extension packet shown in D of FIG. 82 uses the packet data as the packet to be verified, and uses the extension packet footer remainder ePF1 and the extension packet footer end ePF0, which store the calculated values obtained by the security calculation using the packet to be verified, for verification.
- This is a configuration example of a packet.
- FIG. 83 is a flowchart for explaining data verification processing performed in the application processor 1212.
- FIG. 83 is a flowchart for explaining data verification processing performed in the application processor 1212.
- step S601 when the extension packet transmitted from the image sensor 1211 is received by the extension mode compatible CSI-2 receiving circuit 1322, the security unit 1326 receives the verification packet of the extension packet.
- the process proceeds to step S602. Note that even if all of the packets to be verified have not been completely received, the process may proceed to step S602 as long as at least a portion (for example, 128 bits) capable of starting calculation of the security calculation has been received. . In that case, the remaining to-be-verified packets continue to be received until all of the to-be-verified packets have been received.
- step S602 the security unit 1326 starts calculating a calculated value obtained by security calculation using at least part of the packet to be verified received in step S601.
- step S603 the security unit 1326 receives the verification packet transmitted from the image sensor 1211 via the extended mode compatible CSI-2 receiving circuit 1322.
- the security unit 1326 completes the reception of the verification packet and acquires the received value (calculated value calculated by the image sensor 1211) stored in the verification packet, the process proceeds to step S604.
- step S604 the security unit 1326 completes the calculation of the calculated value obtained by the security calculation using the packet to be verified that started in step S602 (that is, receives all of the packet to be verified and calculates using all of it). is completed), the process proceeds to step S605.
- step S605 the security unit 1326 determines whether or not the received value received in step S603 matches the calculated value obtained in step S604.
- step S605 If the security unit 1326 determines in step S605 that the received value and the calculated value match, the process proceeds to step S606. In this case, in step S606, the security unit 1326 determines that the extended packet received by the extended mode compatible CSI-2 receiving circuit 1322 is normal, and the process ends.
- step S605 determines that the received value and the calculated value do not match
- the process proceeds to step S607.
- step S607 the security unit 1326 determines that the extension packet received by the extension mode compatible CSI-2 receiving circuit 1322 is abnormal, and the process ends.
- the image sensor 1211 stores the message count value counted by the message counter 1308 in the extended packet header or the extended packet footer in order to ensure functional safety (e.g., detecting missing messages and taking appropriate action). can do.
- the message counter 1308 included in the image sensor 1211 can store a message count value that is incremented or decremented each time a message is sent from the image sensor 1211 .
- the image sensor 1211 may have a configuration in which an independent message counter 1308 is provided for each virtual channel, or a configuration in which a common message counter 1308 is provided for the virtual channels.
- Message counter 1308 sets the message count value to an initial value (e.g., 0 or a maximum value) on the first packet that includes an extended packet header for a given virtual channel, and each time it sends data that includes an extended packet header for a given virtual channel. to increment or decrement the message count value. Also, the message counter 1308 does not increment or decrement the message count value, for example, when data that does not include an extended packet header is transmitted, and increments the count the next time data that includes an extended packet header is transmitted. resume.
- an initial value e.g., 0 or a maximum value
- the message counter 1308 may continue counting regardless of frame start or frame end. Then, when the message count value counts up to a specified value (eg, maximum value or 0), the message counter 1308 returns the next message count value to the initial value (eg, 0 or maximum value) and counts. . Note that part of the extended packet header may store part of the nonce value.
- the receiving side image sensor 1211 or application processor 1212
- the message count value is preferably stored within the extended packet header.
- the receiving side can start responding to them in a short time. For example, high speed movement or high speed movement is possible. It is particularly suitable for a propulsion device with a
- a write command (CCI Write), a read command (CCI Read), or a read response (CCI Read return value) may also be configured to store a message count value or an integrity calculation value, and an extension packet may apply. In that case, it becomes possible to support functional safety and protect integrity for write commands, read commands, and read responses.
- FIG. 84 is a flowchart for explaining message count value transmission processing in which the image sensor 1211 transmits the message count value.
- step S611 the message counter 1308 initializes the message count value to 0.
- step S612 the extension mode compatible CSI-2 transmission circuit 1304 determines whether or not to transmit the extension packet header, and the process waits until it is determined to transmit the extension packet header. Then, in step S612, if the extension mode compatible CSI-2 transmission circuit 1304 determines to transmit the extension packet header, the process proceeds to step S613.
- step S613 the extension mode compatible CSI-2 transmission circuit 1304 acquires the message count value from the message counter 1308 and stores it in the extension packet header.
- the extended mode compatible CSI-2 transmission circuit 1304 transmits the extended packet header containing the message count value at step S613.
- step S615 the message counter 1308 determines whether the message count value has reached the maximum value. If the message counter 1308 determines in step S615 that the message count value has not reached the maximum value, processing proceeds to step S616.
- step S616 the message counter 1308 increments the message count value. After that, the process returns to step S612, and the same process is repeated thereafter.
- step S615 determines in step S615 that the message count value has reached the maximum value
- the process returns to step S611 to initialize the message count value, and then repeats the same process. done.
- the message count value may be initialized, set to the maximum value, and decremented.
- the image sensor 1211 can include additional information such as device setting information in the data stream.
- the embedded data consists of one or more lines and includes any of configuration data of the image sensor 1211, standard register values, vendor specific register values, frame format descriptions, statistical values, etc. is possible.
- FIG. 85A shows one line of embedded data, in which the embedded data format code is followed by a desired amount of embedded data, and the remaining padding characters. It has a configuration.
- Embedded data includes information related to image data or user-defined data. Therefore, although the image data or user-defined data may be compressed data, it is desirable that the embedded data be uncompressed data (uncompressed data). Therefore, when data compression is used, compressed data (image data or user-defined data) and non-compressed data (embedded data) are mixed in a frame of high-speed data transmission.
- the embedded data can have multiple embedded data lines (rows) according to the number of register values added to the embedded data. Also, the number of rows of embedded data can be specified by part of the description within the frame format in the first row of embedded data within the frame.
- the line length of the embedded data may be shorter than the line length of the image data or user-defined data, but should not exceed the line length of the image data or user-defined data. preferably identical.
- a first pixel value of the embedded data may indicate the format used for the embedded data.
- Part or all of the nonce value is stored and transmitted within at least part of the embedded data indicating a vendor specific code or a reserved code (Reserved for future use) as shown in FIG. 85B. good too.
- embedded data is stored either between the frame start and the first image data or user-defined data, and between the last image data or user-defined data and the frame end. However, embedded data between the last image data or user-defined data and the frame end may be omitted.
- FIG. 86 shows an example of the data structure of two frames of image data transmitted from the image sensor 1211.
- FIG. 86 shows an example of the data structure of two frames of image data transmitted from the image sensor 1211.
- the read command and read response are followed by the frame start (VC2 FS) of the second virtual channel.
- the first embedded data (VC1 Emb Data) of the first virtual channel and the first embedded data (VC2 Emb Data) of the second virtual channel are transmitted.
- one frame of image data (VC1 Img Data) of the first virtual channel and user-defined data (VC2 UD Data) of the second virtual channel are transmitted.
- the second embedded data (VC1 Emb Data) of the first virtual channel and the second embedded data (VC2 Emb Data) of the second virtual channel are transmitted.
- the end of frame (VC1 FE) of the first virtual channel is transmitted
- the end of frame (VC2 FE) of the second virtual channel is transmitted following the read command and read response.
- FIG. 86 shows an example in which the message count value is shared between the first virtual channel and the second virtual channel.
- the configuration may be such that independent sage counters are provided for the first virtual channel and the second virtual channel.
- the user-defined data may be image data or the like.
- part or all of the nonce value is stored, for example, within the period from the frame start to the frame end or within the period from the frame end to the frame start (frame blanking period).
- the nonce value can be stored within the period from the frame start to the frame end, for example, within embedded data, within image data, within non-image data, or within a line blanking period. It may also be stored in a second virtual channel.
- embedded data is data in which attributes representing image data, information (metadata) related to image data, and the like are stored.
- High-speed data transmission and low-speed command transmission can be frequency-separated by a filter, so if power consumption is not a problem, part or all of the transmission may be duplicated (parallel execution).
- Some or all of the nonce values may be sent every multiple frames, but are preferably sent every frame, for example due to missing frames.
- FIG. 87 is a flowchart describing image data transmission processing in which the image sensor 1211 transmits image data.
- step S621 the extension mode compatible CSI-2 transmission circuit 1304 determines whether or not a command to start high-speed data transmission has been received, and processing is put on standby until it is determined that a command to start high-speed data transmission has been received. be. If it is determined in step S621 that the extension mode compatible CSI-2 transmission circuit 1304 has received a command to start high-speed data transmission, the process proceeds to step S622.
- step S622 the pixel 1301 starts imaging, and the image data output from the pixel 1301 is supplied to the extension mode compatible CSI-2 transmission circuit 1304 via the AD converter 1302 and the image processing unit 1303.
- step S623 the extension mode compatible CSI-2 transmission circuit 1304 transmits the frame start of the first virtual channel.
- step S624 the extension mode compatible CSI-2 transmission circuit 1304 transmits the frame start of the second virtual channel.
- step S625 the extended mode compatible CSI-2 transmission circuit 1304 transmits the first embedded data of the first virtual channel.
- step S626 the extended mode compatible CSI-2 transmission circuit 1304 transmits the first embedded data of the second virtual channel.
- step S627 the extension mode compatible CSI-2 transmission circuit 1304 transmits the image data of the first virtual channel.
- step S628 the extended mode compatible CSI-2 transmission circuit 1304 transmits user-defined data on the second virtual channel.
- step S629 the extension mode compatible CSI-2 transmission circuit 1304 determines whether or not transmission of image data for one frame has been completed.
- step S629 If the extended mode compatible CSI-2 transmission circuit 1304 determines in step S629 that the transmission of one frame of image data has not been completed, the process returns to step S627, and the same process is repeated thereafter. On the other hand, if the extension mode compatible CSI-2 transmission circuit 1304 determines in step S629 that transmission of one frame of image data has been completed, the process proceeds to step S630.
- step S630 the extended mode compatible CSI-2 transmission circuit 1304 transmits the second embedded data of the first virtual channel.
- step S631 the extended mode compatible CSI-2 transmission circuit 1304 transmits the second embedded data of the second virtual channel.
- step S632 the extension mode compatible CSI-2 transmission circuit 1304 transmits the frame end of the first virtual channel.
- step S633 the extension mode compatible CSI-2 transmission circuit 1304 transmits the frame end of the second virtual channel.
- step S634 the extension mode compatible CSI-2 transmission circuit 1304 determines whether or not a command to end high-speed data transmission has been received.
- step S634 If it is determined in step S634 that the extended mode compatible CSI-2 transmission circuit 1304 has not received the high-speed data transmission end command, the process returns to step S622, and the same process is repeated thereafter. On the other hand, if it is determined in step S634 that the extended mode compatible CSI-2 transmission circuit 1304 has received the high-speed data transmission end command, the process ends.
- the start of imaging may be continuously executed until an instruction to end high-speed data transmission is received, or may be executed each time an instruction to start high-speed data transmission is received.
- FIG. 88 is a flowchart for explaining the integrity computation value transmission process in which the image sensor 1211 transmits the integrity computation value.
- step S641 the security unit 1310 derives the session key for the first virtual channel.
- step S642 the security unit 1310 derives the session key for the second virtual channel.
- step S643 the message counter 1308 initializes the upper count value of the message count value and sets it to zero.
- step S644 the message counter 1308 initializes the lower count value of the message count value and sets it to zero.
- step S645 the extended mode compatible CSI-2 transmission circuit 1304 determines whether or not to end the session, and if it is determined not to end the session, the process proceeds to step S646.
- step S646 the extension mode compatible CSI-2 transmission circuit 1304 determines whether or not to transmit the extension packet of the first virtual channel.
- step S646 If it is determined in step S646 that the extension mode compatible CSI-2 transmission circuit 1304 does not transmit the extension packet of the first virtual channel, the processing returns to step S645, and the same processing is repeated thereafter. On the other hand, if the extension mode compatible CSI-2 transmission circuit 1304 determines in step S646 to transmit the extension packet of the first virtual channel, the process proceeds to step S647.
- step S647 the security unit 1310 uses the session key of the first virtual channel derived in step S641 to calculate the integrity calculation value of the first virtual channel.
- step S648 the extension mode compatible CSI-2 transmission circuit 1304 arranges the integrity calculation value calculated in step S647 in the extension packet of the first virtual channel, and transmits the extension packet of the first virtual channel. .
- step S649 the extension mode compatible CSI-2 transmission circuit 1304 determines whether or not to transmit the extension packet of the second virtual channel, and continues processing until it is determined to transmit the extension packet of the second virtual channel. stand by. Then, in step S649, if the extension mode compatible CSI-2 transmission circuit 1304 determines to transmit the extension packet of the second virtual channel, the process proceeds to step S650.
- step S650 the security unit 1310 uses the session key of the second virtual channel derived in step S642 to calculate the integrity calculation value of the second virtual channel.
- step S651 the extension mode compatible CSI-2 transmission circuit 1304 arranges the integrity calculation value calculated in step S650 in the extension packet of the second virtual channel, and transmits the extension packet of the second virtual channel.
- step S652 the message counter 1308 determines whether or not the lower count value of the message count value has reached the maximum value.
- step S652 determines in step S652 that the lower count value of the message count value has not reached the maximum value. If the message counter 1308 determines in step S652 that the lower count value of the message count value has not reached the maximum value, the process proceeds to step S653. In step S653, the message counter 1308 increments the lower count value of the message count value, then the process returns to step S645, and the same process is repeated thereafter.
- step S652 determines in step S652 that the lower count value of the message count value has reached the maximum value.
- the process proceeds to step S654.
- step S654 message counter 1308 increments the upper count value of the message count value, and then the process returns to step S644, and the same process is repeated thereafter.
- step S645 if the extension mode compatible CSI-2 transmission circuit 1304 determines to end the session, the process proceeds to step S655.
- step S655 the security unit 1310 destroys or cleans up the session key of the first virtual channel and the session key of the second virtual channel, after which the process ends.
- FIG. 89 shows a first modified example of the data structure of image data.
- the data structure of the image data shown in FIG. 89 uses a common message count value for the first virtual channel and the second virtual channel.
- session key or message counter may be shared between the first virtual channel and the second virtual channel.
- image data or embedded data may be replaced with other data.
- embedded data may be replaced with image data.
- message counters may be shared by counting across virtual channels (VCs).
- FIG. 90 shows a second modification of the data structure of image data.
- independent message count values are used for Write (CCI write command), Read1 (CCI read command), and Read2 (CCI read response).
- FIG. 91 shows a third modified example of the data structure of image data.
- independent message count values are provided for the CCI uplink (Write and Read1) and the CCI downlink (Read2). That is, the message count value may be shared between Write (CCI write instruction) and Read1 (CCI read instruction).
- the nonce value is used as part or all of the initialization vector for encryption or decryption operations using the session key, for example, because it is number used once for the same session key. Therefore, the nonce used by the image sensor 1211 for the encryption operation is transmitted from the image sensor 1211 and received by the application processor 1212, so that the application processor 1212 can obtain the nonce value required for the decryption operation.
- the image sensor 1211 desirably transmits a nonce value before transmitting image data.
- part or all of the nonce value corresponding to the image data in a certain frame is the first image data in a certain frame after the last image data in the frame was completely transmitted one before.
- within the read response within the user-defined data, within the embedded data (immediately after the image data), within the frame end, within the frame start, within the embedded data (immediately before the image data), etc. stored in
- the application processor 1212 which is the master of low-speed command transmission, receives frame start, embedded data, image data, user-defined data, frame end, etc., transmitted by high-speed data transmission from the image sensor 1211, which is the slave of low-speed command transmission.
- a read command requesting the application processor 1212 to read the nonce value in the image sensor 1211 may be transmitted by low-speed command transmission in response to the start or completion of reception of any of the above.
- the image sensor 1211 receives the readout command sent from the application processor 1212 and sends the corresponding nonce value by high-speed data transmission.
- the image sensor 1211 can notify the application processor 1212 of the nonce value.
- This read command for example, corresponds to Read of Read/Write in the I2C or I3C standard.
- the read response corresponds to the read return value.
- a timer may be provided that waits for a predetermined period of time after the application processor 1212 receives the high-speed data transmission and before it transmits the read command.
- the inter-integrated circuit serial bus sometimes called the I2C bus or I 2 C bus, is a serial single-ended computer bus intended for use in connecting low speed peripherals to application processor 1212 .
- the I2C bus is a multi-master bus in which each device can act as master and slave to different messages sent on the I2C bus.
- the I2C bus can transmit data using only two bidirectional open-drain connectors, including the serial data line (SDA) and serial clock line (SCL). Those connectors typically include signal lines terminated by pull-up resistors.
- SDA serial data line
- SCL serial clock line
- Those connectors typically include signal lines terminated by pull-up resistors.
- the protocol that governs the operation of the I2C bus defines basic types of messages, each of which begins with a START and ends with a STOP.
- the I2C bus uses 7-bit addressing and defines two types of nodes.
- a master node is a node that generates a clock and initiates communication with slave nodes.
- a slave node is a node that receives a clock and responds when addressed by a master.
- the I2C bus is a multi-master bus, which means that there can be any number of master nodes. Additionally, the master and slave roles may change between messages (ie, after a STOP is sent). In this embodiment, which is a camera implementation, one-way transmission may be used to capture images from the sensor and transmit such image data to memory in the baseband processor, while the baseband processor and , sensors as well as other peripheral devices.
- the Camera Control Interface (CCI) protocol may be used for such control data between the baseband processor and the image sensor (or one or more slave nodes).
- the CCI protocol may be implemented over an I2C serial bus between the image sensor and the baseband processor.
- I2C serial bus between the image sensor and the baseband processor.
- the I3C communication standard is a standard for communication via two signal lines, the SDA line for transmitting data and the SCL line for transmitting clock signals.
- devices such as processors
- devices are classified into devices that operate as masters or slaves, and devices that operate only as slaves.
- a processor can act as a master or a slave, and a sensor can only act as a slave.
- a master is a device that controls a slave
- a slave is a device that operates under the control of the master.
- a plurality of slaves can be connected to one master.
- multiple masters can transmit signals to one slave, and this communication is hereinafter referred to as "multi-master communication”.
- slaves can communicate with each other without going through the master, and this communication is called “peer-to-peer communication”.
- peer-to-peer communication while the SDA line is busy with communication from another device, the slave can interrupt the communication and perform communication. is called.
- signals transmitted simultaneously by multiple devices may collide on the SDA line. For example, if a master is sending a signal to a slave and another slave has an in-band interrupt and is sending a signal to the master, the signals from the master and slaves will collide. Therefore, devices in I3C have a function of detecting collisions and arbitrating between devices.
- the image sensor 1211 may trigger the read command with an in-band interrupt and send a read response accordingly, or may omit the read command and send a read response with an in-band interrupt.
- FIG. 92 is a flowchart for explaining a first processing example of integrity computation value processing in which the image sensor 1211 transmits the integrity computation value.
- step S661 the security unit 1310 derives a session key.
- step S662 the message counter 1308 initializes the message count value to 0.
- step S663 the extended mode compatible CSI-2 transmission circuit 1304 determines whether or not to end the session, and if it is determined not to end the session, the process proceeds to step S664.
- step S664 the extension mode compatible CSI-2 transmission circuit 1304 determines whether or not to transmit an extension packet.
- step S664 If it is determined in step S664 that the extension mode compatible CSI-2 transmission circuit 1304 does not transmit the extension packet, the processing returns to step S663, and the same processing is repeated thereafter. On the other hand, if the extension mode compatible CSI-2 transmission circuit 1304 determines in step S664 to transmit an extension packet, the process proceeds to step S665.
- step S665 the security unit 1310 uses the message count value to calculate the integrity calculation value.
- step S666 the extension mode compatible CSI-2 transmission circuit 1304 places the integrity calculation value calculated in step S665 in the extension packet and transmits the extension packet.
- step S667 the message counter 1308 determines whether the message count value has reached the maximum value. If the message counter 1308 determines in step S667 that the message count value has not reached the maximum value, processing proceeds to step S668.
- step S668 the message counter 1308 increments the message count value. After that, the process returns to step S663, and the same process is repeated thereafter.
- step S667 determines in step S667 that the message count value has reached the maximum value
- the process proceeds to step S669.
- the security unit 1310 updates the session key in step S669
- the process returns to step S662, and the same process is repeated thereafter.
- step S663 if the extension mode compatible CSI-2 transmission circuit 1304 determines to end the session, the process proceeds to step S670.
- step S670 the security unit 1310 destroys or cleans up the session key, after which the process ends.
- the message count value is incremented by 1 each time an extension packet is transmitted.
- the count value circles. For example, when sending 4K data with a frame rate of 60 fps and a pixel count of 4096 x 2160 (horizontal x vertical), an extension packet of 2163 lines, which is the sum of the 3 lines of the frame start, embedded data, and frame end, is added within one frame. , the message count value goes around in (2 16 )/(60 ⁇ 2163) ⁇ 0.5 seconds.
- the image sensor 1211 computes a MAC value such as a Galois Message Authentication Code (GMAC) value for a message using the same session key and the same initialization vector value, and sends the message and the MAC value
- GMAC Galois Message Authentication Code
- the attacker and the MAC value can be easily obtained by computing the simultaneous equations.
- the attacker can freely tamper with the MAC value, attacks such as message spoofing, tampering, and replaying are possible. Therefore, if the message count value is used as the variable part of the initialization vector, that is, as the nonce value, it is necessary to update the session key before the message count value completes one cycle. For example, by utilizing the period of frame blanking or line blanking, the session key may be updated before the nonce value rolls over.
- GMAC Galois Message Authentication Code
- FIG. 93 is a flowchart for explaining a second processing example of integrity computation value processing in which the image sensor 1211 transmits the integrity computation value.
- step S681 the security unit 1310 derives a session key.
- step S682 the message counter 1308 initializes the upper count value of the message count value and sets it to zero.
- step S683 the message counter 1308 initializes the lower count value of the message count value and sets it to zero.
- step S684 the extended mode compatible CSI-2 transmission circuit 1304 determines whether or not to end the session, and if it is determined not to end the session, the process proceeds to step S685.
- step S685 the extension mode compatible CSI-2 transmission circuit 1304 determines whether or not to transmit an extension packet.
- step S685 if the extension mode compatible CSI-2 transmission circuit 1304 determines not to transmit the extension packet, the process returns to step S684, and the same process is repeated thereafter. On the other hand, if the extension mode compatible CSI-2 transmission circuit 1304 determines in step S685 to transmit an extension packet, the process proceeds to step S686.
- step S686 the security unit 1310 uses the upper count value and lower count value of the message count value to calculate the integrity calculation value.
- step S687 the extension mode compatible CSI-2 transmission circuit 1304 places the integrity calculation value calculated in step S686 in the extension packet and transmits the extension packet.
- step S688 the message counter 1308 determines whether or not the lower count value of the message count value has reached the maximum value. If message counter 1308 determines in step S688 that the lower count value of the message count value has not been counted to the maximum value, processing proceeds to step S689.
- step S689 the message counter 1308 increments the lower count value of the message count value. After that, the process returns to step S684, and the same process is repeated thereafter.
- step S688 determines in step S688 that the lower count value of the message count value has reached the maximum value.
- the process proceeds to step S690.
- message counter 1308 increments the upper count value of the message count value, and then the process returns to step S683, and the same process is repeated thereafter.
- step S684 if the extension mode compatible CSI-2 transmission circuit 1304 determines to end the session, the process proceeds to step S691.
- step S691 the security unit 1310 destroys or cleans up the session key, after which the process ends.
- the message count value as part of the initialization vector, that is, part of the nonce value (eg, lower count value)
- the rest of the nonce value eg, upper count value
- the number of nonce values is ⁇ Using a 16-bit width upper count value: 2 32 ⁇ 60 ⁇ 2163 ⁇ 9 hours ⁇ Using a 20-bit width upper count value: 2 36 ⁇ 60 ⁇ 2163 ⁇ 6 days ⁇ Using a 24-bit width upper count value Then, 2 40 ⁇ 60 ⁇ 2163 ⁇ 98 days ⁇ 2 44 ⁇ 60 ⁇ 2163 ⁇ 4 years when combined with 28-bit width upper count value ⁇ 2 48 ⁇ 60 ⁇ 2163 ⁇ 69 years when combined with 32-bit width upper count value becomes.
- the image sensor 1211 or the application processor 1212 is restarted (turned on after being turned off), a key exchange is required before the protected image data can be sent again. Updated. For example, in general automotive applications, the possibility of not restarting the power supply for 6 days or more is low, and the possibility of not restarting the power supply for 4 years or more is extremely low. is. Of course, it is not limited to that, and a bit width larger than that may be used.
- the power can be turned off when refueling, and in the case of a refueling or rechargeable vehicle, if the power is turned off during vehicle inspection, the protected image data will be sent again. session keys are updated accordingly.
- IoT Internet of Things or Intelligence of Things
- FIG. 94 is a flowchart for explaining a third processing example of integrity computation value processing in which the image sensor 1211 transmits the integrity computation value.
- step S701 the security unit 1310 derives a session key.
- step S702 the message counter 1308 initializes the frame count value to 1.
- step S703 the extended mode compatible CSI-2 transmission circuit 1304 determines whether or not to end the session, and if it is determined not to end the session, the process proceeds to step S704.
- step S704 the extension mode compatible CSI-2 transmission circuit 1304 determines whether or not to transmit an extension packet.
- step S704 if the extension mode compatible CSI-2 transmission circuit 1304 determines not to transmit the extension packet, the process returns to step S703, and the same process is repeated thereafter. On the other hand, if the extension mode compatible CSI-2 transmission circuit 1304 determines in step S704 to transmit an extension packet, the process proceeds to step S705.
- step S705 the security unit 1310 prepares the calculation of the integrity calculation value using the frame count value.
- step S706 the extension mode compatible CSI-2 transmission circuit 1304 transmits the extension packet.
- step S707 the extension mode compatible CSI-2 transmission circuit 1304 determines whether or not transmission within the frame other than the frame end has been completed. In step S707, if the extension mode compatible CSI-2 transmission circuit 1304 determines that transmission other than the frame end within the frame has not been completed, the process returns to step S703, and the same process is repeated thereafter. . On the other hand, if the extension mode compatible CSI-2 transmission circuit 1304 determines in step S707 that the transmission within the frame other than the frame end has been completed, the process proceeds to step S708.
- step S708 the security unit 1310 completes the calculation of the integrity calculation value using the frame count value.
- step S709 the extension mode compatible CSI-2 transmission circuit 1304 transmits the integrity calculation value together with the frame end.
- step S710 the message counter 1308 determines whether or not the frame count value has reached a specified value. If the message counter 1308 determines in step S710 that the frame count value has not reached the specified value, the process proceeds to step S711.
- step S711 the message counter 1308 increments the frame count value. After that, the process returns to step S703, and the same process is repeated thereafter.
- step S710 determines in step S710 that the frame count value has reached the specified value
- the process proceeds to step S712.
- the security unit 1310 updates the session key in step S712
- the process returns to step S702, and the same process is repeated thereafter.
- step S703 if the extension mode compatible CSI-2 transmission circuit 1304 determines to end the session, the process proceeds to step S713.
- step S713 the security unit 1310 destroys or cleans up the session key, after which the process ends.
- the image sensor 1211 may calculate the integrity calculation value for each image frame and transmit them collectively.
- the integrity calculation value in that case is transmitted after being stored in the embedded data after the image data, in the user-defined data, or in the readout response.
- a frame start or frame end may contain, for example, a 16-bit frame number. This frame number may be the same at the frame start and frame end corresponding to a given frame. When using 16-bit frame numbers, non-zero is preferred, but not required, to distinguish use cases where frame numbers do not work and are left set to zero.
- the frame number is incremented by 1 or 2 for each frame start packet with the same virtual channel and is reset to 1 periodically. For example, if an image frame is masked (ie, not sent) due to corruption, the frame number may be incremented by two.
- increments of 1 or 2 may be freely mixed within the sequence of frame numbers as desired. That is, when incremented by 1, the frame number goes around 2 16 -1 times. Also, when the frame rate is 60 fps, the frame number goes around in (2 16 ⁇ 1) ⁇ 60 ⁇ 18 minutes.
- the image sensor 1211 computes a MAC value such as a Galois Message Authentication Code (GMAC) value for a message using the same session key and the same initialization vector value, and sends the message and the MAC value
- GMAC Galois Message Authentication Code
- the session key when using the frame number as an initialization vector, that is, as a nonce value, it is necessary to update the session key before the frame number completes its cycle. For example, by utilizing the period of frame blanking or line blanking, the session key may be updated before the nonce value rolls over.
- FIG. 95 is a flowchart for explaining a fourth processing example of integrity computation value processing in which the image sensor 1211 transmits the integrity computation value.
- step S721 the security unit 1310 derives a session key.
- step S722 the message counter 1308 initializes the upper count value of the frame count value and sets it to zero.
- step S723 the message counter 1308 initializes the lower count value of the frame count value to 1.
- step S724 the extended mode compatible CSI-2 transmission circuit 1304 determines whether or not to end the session, and if it is determined not to end the session, the process proceeds to step S725.
- step S725 the extension mode compatible CSI-2 transmission circuit 1304 determines whether or not to transmit an extension packet.
- step S725 If it is determined in step S725 that the extension mode compatible CSI-2 transmission circuit 1304 does not transmit the extension packet, the processing returns to step S724, and the same processing is repeated thereafter. On the other hand, if the extension mode compatible CSI-2 transmission circuit 1304 determines in step S725 to transmit an extension packet, the process proceeds to step S726.
- step S726 the security unit 1310 prepares for computation of the integrity computation value using the upper count value and the lower count value of the frame count value.
- step S727 the extension mode compatible CSI-2 transmission circuit 1304 transmits the extension packet.
- step S728 the extension mode compatible CSI-2 transmission circuit 1304 determines whether or not transmission within the frame other than the frame end has been completed. In step S728, if the extension mode compatible CSI-2 transmission circuit 1304 determines that transmission other than the frame end within the frame has not been completed, the process returns to step S724, and the same process is repeated thereafter. . On the other hand, if the extension mode compatible CSI-2 transmission circuit 1304 determines in step S728 that transmission within the frame other than the frame end has been completed, the process proceeds to step S729.
- step S729 the security unit 1310 completes the calculation of the integrity calculation value using the upper count value and lower count value of the frame count value.
- step S730 the extension mode compatible CSI-2 transmission circuit 1304 transmits the integrity calculation value together with the frame end.
- step S731 the message counter 1308 determines whether the lower count value of the frame count value has reached the specified value. If the message counter 1308 determines in step S731 that the lower count value of the frame count value has not reached the specified value, the process proceeds to step S732.
- step S732 the message counter 1308 increments the lower count value of the frame count value. After that, the process returns to step S724, and the same process is repeated thereafter.
- step S731 determines in step S731 that the lower count value of the frame count value has reached the specified value.
- security unit 1310 increments the upper count value of the frame count value, and then the process returns to step S723, and the same process is repeated thereafter.
- step S724 if the extension mode compatible CSI-2 transmission circuit 1304 determines to end the session, the process proceeds to step S734.
- step S734 the security unit 1310 destroys or cleans up the session key, after which the process ends.
- the frame number is used as part of the initialization vector, that is, part of the nonce value (for example, the lower count value), the rest of the nonce value (for example, the upper count value) is also used to obtain the session key. , or the frequency of session key updates can be reduced.
- the nonce value goes around - 2 4 ⁇ (2 16 -1) ⁇ 60 ⁇ 5 hours when combined with 4-bit wide upper count value 2 8 ⁇ (2 16 -1) ⁇ 60 ⁇ 78 hours when combined with 8-bit wide higher count value ⁇ 2 12 ⁇ (2 16 -1) ⁇ 60 ⁇ 52 days when using 12-bit width upper count value together ⁇ 2 16 ⁇ (2 16 -1) ⁇ 60 ⁇ 828 days when using 16-bit width upper count value together ⁇ 2 20 ⁇ (2 16 -1) ⁇ 60 ⁇ 36 years when using 20-bit width upper count value together ⁇ 2 24 ⁇ (2 16 -1) ⁇ 60 ⁇ 581 years when using 24-bit width upper count value together becomes.
- the image sensor 1211 or application processor 1212 is restarted (turned off and then turned on), a key exchange is required before the protected image data can be sent again. Updated. For example, in general automotive applications, the possibility of not restarting the power supply for 3 days or more is low, and the possibility of not restarting the power supply for 2 years or more is extremely low. It is enough. Of course, it is not limited to that, and a bit width larger than that may be used.
- the power can be turned off when refueling, and in the case of a refueling or rechargeable vehicle, if the power is turned off during vehicle inspection, the protected image data will be sent again.
- session keys are updated accordingly.
- IoT Internet of Things or Intelligence of Things
- FIG. 96 shows an example of an initial counter block in which initialization vectors are stored.
- a 128-bit initial counter block is used for encryption by AES (Advanced Encryption Standard)-GCM (Galois/Counter Mode) or AES-GMAC (Galois Message Authentication Code) and for message authentication.
- AES Advanced Encryption Standard
- GCM Galois/Counter Mode
- AES-GMAC Galois Message Authentication Code
- the GHASH function shown in FIG. 97 and the GCTR function shown in FIG. 98 can be used to encrypt the initial counter block.
- the initialization vector can be encrypted using the GCM-AE (Authenticated Encryption) function having an authenticated encryption function as shown in FIG. Decryption) function is used for decryption. However, it may be used only for either encryption (decryption) or message authentication functions.
- GCM-AE Authenticated Encryption
- Decryption Authenticated Encryption
- FIG. 101 shows the data structure of image data for transmitting the integrity calculation value MAC for each line.
- a transmission scheme that transmits the integrity calculation value MAC for each line in this manner is hereinafter referred to as a line MAC scheme as appropriate.
- the integrity calculation value MAC is sent for each CSI-2 line, each CCI command, or each CCI return.
- the initialization vector has the same value among them, more session keys are required.
- the first session key for uplink is used in the VC0 command and the second session key for downlink is used in VC0 return, VC1 and VC2.
- a first session key for CCI is used in VC0 and a second session key for CSI-2 is used in VC1 and VC2.
- one session key for all is used in VC0, VC1 and VC2.
- a total of two message count values are used.
- a common message count value in CSI-2 is used between VC1 and VC2, and an independent message count value in CCI is used in VC0.
- independent message counters may be used between CSI-2 virtual channels. In that case, part of the flowchart may be deleted. In that case, message counters may be synchronized or asynchronous between virtual channels of CSI-2. For example, there are cases where it is desirable to share message counters from the viewpoint of implementation efficiency, and there are cases where it is desirable to have independent message counters from the viewpoint of security.
- the initialization vector with the structure shown in FIG. 102 is common to all virtual channels (CSI-2 and CCI). Part or all of this initialization vector is then transmitted from the transmitting side to the receiving side as shown in FIG.
- Reserved (Res) 2 bits specified values (for example, 0 2 , 1 2 ) may be used. Also, pre-exchanged values may be used as Source ID or Final Destination ID.
- the receiving side may use, as a part or the whole of the initialization vector, a value that the receiving side knows instead of the value transmitted from the transmitting side to the receiving side. Also, when part or all of the initialization vector is sent from the sender to the receiver, it is desirable that part or all of the initialization vector be sent unencrypted (in plaintext), but that is not the case. do not have.
- FIG. 103 shows an example in which the additional message count value is stored outside the extension packet header and transmitted
- the additional message count value and the message count value may be stored and transmitted outside the extension packet header.
- the message count value may also be stored and sent in the extended packet header. Note that only a portion of the additional message count value may be used. For example, if the additional message count value in the initialization vector is 40 bits, the actual additional message count value may be a 16-bit counter whose count value is part of the additional message count value in the initialization vector.
- the rest of the additional message count value in the initialization vector (e.g., 24 bits on the MSB side) is stored with a specified value (e.g., 0 24 , 1 24 ). good. Also, all additional message count values in the initialization vector may be stored with default values (eg, 0 40 , 1 40 ).
- initialization vectors that are transmitted from the image sensor 1211 to the application processor 1212 and set are configured not to be transmitted from the image sensor 1211 to the application processor 1212, based on prior agreement, register settings, or the like. may be set.
- Fig. 104 shows an example of the extended format of CSI-2 or CCI.
- the leading bit (Reserved and eVC) or semi-leading bit (eVC) of the mandatory extended packet header ePH0 is used as the initialization vector.
- Application processor 1212 can then begin calculating the GCTR function shown in FIG. 98 above immediately after receiving that bit. That is, the sender and receiver may be configured to determine the values of initialization vector components other than eVC prior to sending or receiving eVC values.
- step S741 security unit 1310 derives a common session key.
- step S742 the message counter 1308 initializes the upper count value of the message count value and sets it to zero.
- step S743 the message counter 1308 initializes the lower count value of the message count value and sets it to zero.
- step S744 the extended mode compatible CSI-2 transmission circuit 1304 determines whether or not to end the session, and if it is determined not to end the session, the process proceeds to step S745.
- step S745 the extension mode compatible CSI-2 transmission circuit 1304 determines whether or not to transmit the extension packet of the first virtual channel.
- step S745 If it is determined in step S745 that the extension mode compatible CSI-2 transmission circuit 1304 does not transmit the extension packet of the first virtual channel, the processing returns to step S744, and the same processing is repeated thereafter. On the other hand, if the extension mode compatible CSI-2 transmission circuit 1304 determines in step S745 to transmit the extension packet of the first virtual channel, the process proceeds to step S746.
- step S746 the security unit 1310 uses the common session key derived in step S741 to calculate the integrity calculation value of the first virtual channel.
- step S747 the extension mode compatible CSI-2 transmission circuit 1304 arranges the integrity calculation value calculated in step S746 in the extension packet of the first virtual channel, and transmits the extension packet of the first virtual channel. .
- step S748 the extension mode compatible CSI-2 transmission circuit 1304 determines whether or not to transmit the extension packet of the second virtual channel, and continues processing until it is determined to transmit the extension packet of the second virtual channel. stand by. Then, in step S748, when the extension mode compatible CSI-2 transmission circuit 1304 determines to transmit the extension packet of the second virtual channel, the process proceeds to step S749.
- step S749 the security unit 1310 uses the common session key derived in step S741 to calculate the integrity calculation value of the second virtual channel.
- step S750 the extension mode compatible CSI-2 transmission circuit 1304 arranges the integrity calculation value calculated in step S749 in the extension packet of the second virtual channel, and transmits the extension packet of the second virtual channel. .
- step S751 the message counter 1308 determines whether or not the lower count value of the message count value has reached the maximum value.
- step S751 If the message counter 1308 determines in step S751 that the lower count value of the message count value has not reached the maximum value, the process proceeds to step S752. In step S752, message counter 1308 increments the lower count value of the message count value, and then the process returns to step S744, and the same process is repeated thereafter.
- step S751 determines in step S751 that the lower count value of the message count value has reached the maximum value.
- the process proceeds to step S753.
- step S753 the message counter 1308 increments the upper count value of the message count value, then the process returns to step S743, and the same process is repeated thereafter.
- step S744 if the extension mode compatible CSI-2 transmission circuit 1304 determines to end the session, the process proceeds to step S754.
- step S754 the security unit 1310 destroys or cleans up the common session key, after which the process ends.
- the processing described in FIG. 105 is an example in which the message count value is the lower count value and the additional message count value is the upper count value, and is an example when there are two types of CSI-2 virtual channels.
- the initialization vector configuration may include extended data type eDT or data type DT.
- session keys and message counters can be shared among multiple types of data types.
- Reserved, extended virtual channel eVC, and extended data type eDT are stored as the leading bits of the CSI-2/CCI extension format example, so the processor immediately performs GCTR calculation when part or all of these are received. Some (CIPH K ) operations can be started. Also, if the frame structure is pre-agreed between the image sensor 1211 and the application processor 1212, the application processor 1212 can omit receiving these and start calculating a part of the GCTR calculation (CIPH K ). . In other words, these initialization vector configurations are advantageous in terms of computation time.
- the application processor 1212 can use this value in the initialization vector. Accordingly, the application processor 1212 may be configured not to provide an additional message counter from the viewpoint of implementation efficiency, or may be configured to provide an additional message counter from the viewpoint of security. Also, if the application processor 1212 is configured to provide an additional message counter, the image sensor 1211 may be configured not to transmit the additional message count value. That is, if the initialization vector includes the extended virtual channel eVC, transmission of the additional message count value is not mandatory.
- FIG. 106 shows the data structure of image data in which the integrity calculation value MAC is arranged for each frame.
- a transmission method that transmits the integrity calculation value MAC for each frame in this manner is hereinafter referred to as a frame MAC method as appropriate.
- the integrity computation value MAC is derived from the extended packet header ePH, packet data, and extended packet footer ePF of each line except the last extended packet footer ePF of the frame.
- the initialization vector with the structure shown in FIG. 107 is common to line MAC and frame MAC (CSI-2 only). This initialization vector is then transmitted from the transmitting side to the receiving side as shown in FIG.
- FIG. 108 shows an example in which the additional frame number is stored outside the extension packet header and transmitted.
- the additional frame number and frame number may be stored outside the extended packet header and transmitted.
- the frame number may also be stored and transmitted in the frame start. Note that only a part of the additional frame numbers may be used.
- the extra frame number in the initialization vector is 24 bits
- the actual extra frame number may be a 16-bit counter whose count value is part of the extra frame number in the initialization vector (e.g. 16 bits on the LSB side), and the rest of the additional frame number in the initialization vector (eg, 8 bits on the MSB side) may be stored with specified values (eg, 0 8 , 1 8 ).
- all the additional frame numbers in the initialization vector may store prescribed values (eg, 0 24 , 1 24 ).
- initialization vectors that are transmitted from the image sensor 1211 to the application processor 1212 and set are configured not to be transmitted from the image sensor 1211 to the application processor 1212, based on prior agreement, register settings, or the like. may be set.
- step S761 the security unit 1310 derives a session key.
- step S762 the message counter 1308 initializes and sets to 0 the upper count value for which the additional frame number is used.
- step S763 the message counter 1308 initializes and sets to 1 the lower count value for which the frame number is used.
- step S764 the extended mode compatible CSI-2 transmission circuit 1304 determines whether or not to end the session, and if it is determined not to end the session, the process proceeds to step S765.
- step S765 the extension mode compatible CSI-2 transmission circuit 1304 determines whether or not to transmit an extension packet.
- step S765 if the extension mode compatible CSI-2 transmission circuit 1304 determines not to transmit the extension packet, the process returns to step S764, and the same process is repeated thereafter. On the other hand, if the extension mode compatible CSI-2 transmission circuit 1304 determines in step S765 to transmit an extension packet, the process proceeds to step S766.
- step S766 the extension mode compatible CSI-2 transmission circuit 1304 transmits the extension packet.
- step S767 the message counter 1308 determines whether the message count value has reached the maximum value.
- step S767 If the message counter 1308 determines in step S767 that the message count value has reached the maximum value, the process proceeds to step S768. In step S768, message counter 1308 initializes the message count value to zero.
- step S767 determines in step S767 that the message count value has not reached the maximum value. If the message counter 1308 determines in step S767 that the message count value has not reached the maximum value, the process proceeds to step S769. In step S769, message counter 1308 increments the message count value.
- step S770 the extension mode compatible CSI-2 transmission circuit 1304 determines whether or not all extension packets in the frame have been transmitted.
- step S770 If it is determined in step S770 that the extension mode compatible CSI-2 transmission circuit 1304 has not completed transmission of all the extension packets in the frame, the processing returns to step S764, and the same processing is repeated thereafter.
- step S770 determines in step S770 that all extension packets in the frame have been transmitted. the process proceeds to step S771.
- step S771 the message counter 1308 determines whether or not the lower count value has reached the specified value.
- step S771 If the message counter 1308 determines in step S771 that the lower count value has not reached the specified value, the process proceeds to step S772. In step S772, message counter 1308 increments the lower count value, and then the process returns to step S764, and the same process is repeated thereafter.
- step S771 determines in step S771 that the lower count value has reached the specified value
- the process proceeds to step S773.
- message counter 1308 increments the upper count value, and then the process returns to step S763, and the same process is repeated thereafter.
- step S764 if the extension mode compatible CSI-2 transmission circuit 1304 determines to end the session, the process proceeds to step S774.
- step S774 the security unit 1310 destroys or cleans up the common session key, after which the process ends.
- the processing described with reference to FIG. 109 is an example in which the frame number is the lower count value and the additional frame number is the upper count value.
- the computation and transmission of the integrity computation value, virtual channel, session key update, etc. are omitted, but may be combined with part or all of any of the flow charts described above. The same applies to other flowcharts.
- the frame number may include increments of 1 or 2, so it is desirable to increment the upper count value when the lower count value is a specified value (eg, maximum value or maximum value -1). However, if the increment of the frame number is only 1, the upper count value should be incremented when the lower count value is the maximum value.
- the application processor 1212 can use this value for the initialization vector. Therefore, the application processor 1212 may be configured not to include a frame counter from the viewpoint of implementation efficiency, or may be configured to include a frame counter from the viewpoint of safety. Also, if the application processor 1212 is configured to provide a frame counter, the image sensor 1211 may be configured not to transmit the frame number. That is, if the initialization vector contains the extended virtual channel eVC, transmission of the frame number is not an essential requirement.
- the application processor 1212 can use this value in the initialization vector. Therefore, the application processor 1212 may be configured not to provide an additional frame counter from the viewpoint of implementation efficiency, or may be configured to provide an additional frame counter from the viewpoint of security. Also, if the application processor 1212 is configured to provide an additional frame counter, the image sensor 1211 may be configured not to transmit the additional frame number.
- the message count value in the initialization vector may store a specified value (eg, 0 16 , 1 16 ), or a specific extension packet (eg, frame start or frame end). A message count value may be stored.
- the message count value is stored as the message count value in the initialization vector.
- FIG. 110 is a flowchart for explaining selection processing for the image sensor 1211 to select the transmission method of the integrity calculation value MAC.
- step S781 the extended mode compatible CSI-2 transmission circuit 1304 determines whether or not to transmit the integrity calculation value MAC by the line MAC method.
- step S781 If it is determined in step S781 that the extended mode compatible CSI-2 transmission circuit 1304 transmits the integrity calculation value MAC using the line MAC method, the process proceeds to step S782. In step S782, the extended mode compatible CSI-2 transmission circuit 1304 selects the line MAC method.
- step S781 if it is determined in step S781 that the extension mode compatible CSI-2 transmission circuit 1304 does not transmit the integrity calculation value MAC using the line MAC method, the process proceeds to step S783.
- step S783 the extended mode compatible CSI-2 transmission circuit 1304 determines whether or not to transmit the integrity calculation value MAC by the frame MAC method.
- step S783 If it is determined in step S783 that the extended mode compatible CSI-2 transmission circuit 1304 transmits the integrity calculation value MAC using the frame MAC method, the process proceeds to step S784. In step S784, the extended mode compatible CSI-2 transmission circuit 1304 selects the frame MAC method.
- step S783 if it is determined in step S783 that the extension mode compatible CSI-2 transmission circuit 1304 does not transmit the integrity calculation value MAC using the frame MAC method, the process proceeds to step S785.
- step S785 the extended mode compatible CSI-2 transmission circuit 1304 selects a non-MAC scheme that does not transmit the integrity calculation value MAC.
- step S786 the extension mode compatible CSI-2 transmission circuit 1304 transmits the security MAC information (see FIG. 111) indicating either the line MAC method, the frame MAC method, or the non-MAC method, and then the processing ends.
- FIG. 111 shows security MAC information with 2-bit allocation, it may be allocated with a different number of bits (eg, 1 bit, 8 bits). Also, reserved area data (Reserved for future use) may be assigned not to transmit a MAC value (for example, No MAC).
- the image sensor 1211 transmits the MAC value by the line MAC method (select the line MAC method), transmits the MAC value by the frame MAC method (selects the frame MAC method), or transmits the MAC value. It is possible to freely select whether or not to not (select the non-MAC method).
- the image sensor 1211 may select either one upon prior agreement with the application processor 1212 .
- the image sensor 1211 may initially select the line MAC method and switch to another method (for example, the frame MAC method) when a predetermined condition is satisfied.
- the frame MAC method may be selected at first and switched to another method (for example, the line MAC method) when a predetermined condition is satisfied.
- the non-MAC method may be selected at first, and then switched to another method (for example, frame MAC method) when a predetermined condition is satisfied.
- the frame MAC method, or the non-MAC method is determined, for example, in the Security Descriptor in the extended packet header (e.g., ePH2), in the embedded data, or in the user It is stored in the definition data, read response, or the like, and is transmitted from the image sensor 1211 .
- the application processor 1212 can respond to switching the transmission scheme of the integrity computation value MAC in response to its receipt.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Power Engineering (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
Description
(1)第1セッション鍵を導出または受信すること
(2)第1セッション鍵を第1通信の暗号化もしくは復号とメッセージ認証とに使用すること
(3)第1セッション鍵によって保護された第1通信を使用して第2セッション鍵を受信すること
(4)第2セッション鍵を第2通信の暗号化、復号またはメッセージ認証に使用すること
ここで、第2セッション鍵の使用開始から使用終了までの間の総通信回数もしくは総通信データ量は、第1デバイスと第3デバイスと間の第3通信と、第1通信とにおいて互いに異なる。
(1)第1セッション鍵を導出または受信すること
(2)第1セッション鍵を第1通信の暗号化もしくは復号とメッセージ認証とに使用すること
(3)第1セッション鍵によって保護された第1通信を使用して第2セッション鍵を受信すること
(4)第2セッション鍵を第2通信の暗号化、復号またはメッセージ認証に使用すること
ここで、第2セッション鍵の使用開始から使用終了までの間の総通信回数もしくは総通信データ量は、第1デバイスと第3デバイスと間の第3通信と、第1通信とにおいて互いに異なる。
(1)第1セッション鍵を導出または受信すること
(2)第1セッション鍵を第1通信の暗号化もしくは復号とメッセージ認証とに使用すること
(3)第1セッション鍵によって保護された第1通信を使用して第2セッション鍵を受信すること
(4)第2セッション鍵を第2通信の暗号化、復号またはメッセージ認証に使用すること
ここで、第2セッション鍵の使用開始から使用終了までの間の総通信回数もしくは総通信データ量は、第1デバイスと第3デバイスと間の第3通信と、第1通信とにおいて互いに異なる。
図1は、本技術を適用した通信システムの第1の実施の形態の構成例を示すブロック図である。
図3乃至図8を参照して、拡張モード対応CSI-2送信回路31および拡張モード対応CSI-2受信回路32の間の通信で用いられるパケットのパケット構造の第1の構造例について説明する。
(イメージセンサの構成例)
図9は、拡張モード対応CSI-2送信回路31を備えるイメージセンサ21の構成例を示すブロック図である。
図10は、拡張モード対応CSI-2受信回路32を備えるアプリケーションプロセッサ22の構成例を示すブロック図である。
図11乃至図14を参照して、イメージセンサ21およびアプリケーションプロセッサ22で行われる通信処理について説明する。
図15乃至図18を参照して、拡張モード対応CSI-2送信回路31および拡張モード対応CSI-2受信回路32の間の通信で用いられるパケットのパケット構造の第2の構造例について説明する。
(イメージセンサの変形例)
図19を参照して、イメージセンサおよびアプリケーションプロセッサの変形例について説明する。
図19のBに示すアプリケーションプロセッサ22Aは、切り替え部111、D層処理ブロック部112、C層処理ブロック部113、およびコントローラ74を備えて構成される。
上述した拡張パケットは、例えば、以下のようなユースケースに適用することが検討されている。
図20乃至図26を参照して、伝送経路上におけるパケット改変等を禁止する規定に適応した構成例について説明する。
図24は、E2E protectionに適応したパケット送受信処理を説明するフローチャートである。
図25は、イメージセンサ211の詳細な構成例を示すブロック図である。なお、図25に示すイメージセンサ211において、図9のイメージセンサ21と共通する構成には、同一の符号を付し、その詳細な説明は省略する。
図26は、アプリケーションプロセッサ214の詳細な構成例を示すブロック図である。なお、図26に示すアプリケーションプロセッサ214において、図10のアプリケーションプロセッサ22と共通する構成には、同一の符号を付し、その詳細な説明は省略する。
図27乃至図74を参照して、E2E Protectionに適応した第2の構成例について説明する。
図27に示す通信システム501は、イメージセンサ511およびアプリケーションプロセッサ512がA-PHYにより直接的に(後述する図40を参照して説明するようなSerDes装置を介さずに)接続される直結構成となっている。
図37乃至図39のフローチャートを参照して、図27に示した通信システム501において行われるCCI-FSを使用した通信処理について説明する。
図40に示す通信システム601は、イメージセンサ611およびアプリケーションプロセッサ614が、スレーブ側となるSerDes装置612とマスタ側となるSerDes装置613とを介して接続されるSerDes接続構成となっている。
図50乃至図57のフローチャートを参照して、図40に示した通信システム601において行われるCCI-FSを使用した通信処理について説明する。
図58乃至図60は、拡張パケットヘッダePHの構成例を示す図である。
図61には、従来のI2Cのハードウェアでの構成例が示されている。例えば、ハードウェア実装時で、上位にバス接続構成の場合におけるI2Cの構成例が示されており、スレーブ側は、上位からAKC/NACKを受信できる構成であってもよい。もちろん、一例が示されているものであり、必ずしも上位バス構成が一致するものではない。
図63は、上述の図27に示した通信システム501と同様ように、A-PHY直結構成の通信システム701におけるCCI関連の構成例を示すブロック図である。
図64には、A-PHY直結構成およびSerDes接続構成のネットワークの接続形態(トポロジー)の一例が示されている。
図65は、CCI-FS処理部の回路構成の一例を示すブロック図である。図65に示すCCIFS処理部901およびレジスタ902は、上述した各デバイスが備えるCCI-FS処理部およびレジスタで共通の構成となる。
図69および図70を参照して、拡張パケットヘッダePHの変形例について説明する。
(イメージセンサの詳細な構成例)
図73は、上述した図25に示したイメージセンサ211がCCI-FS処理部1001を備える構成の構成例を示すブロック図である。なお、図73に示すイメージセンサ211では、図25のイメージセンサ211と共通する構成には同一の符号を付し、その説明は省略する。
図74は、上述した図26に示したアプリケーションプロセッサ214がCCI-FS処理部1101を備える構成の構成例を示すブロック図である。なお、図74に示すアプリケーションプロセッサ214では、図26のアプリケーションプロセッサ214と共通する構成には同一の符号を付し、その説明は省略する。
図75乃至図117を参照して、本技術を適用した通信システムの第4の実施の形態について説明する。
図76は、イメージセンサ1211の詳細な構成例を示すブロック図である。
図77は、アプリケーションプロセッサ1212の詳細な構成例を示すブロック図である。
リクエスタおよびレスポンダは、つまりアプリケーションプロセッサ1212およびイメージセンサ1211は、セッションによって1つ以上の通信チャネルを持つことができる。以下では、アプリケーションプロセッサ1212がリクエスタであって、イメージセンサ1211がレスポンダである構成を例に用いてセッションについて説明を行う。もちろん、アプリケーションプロセッサ1212がレスポンダであって、イメージセンサ1211がリクエスタであってもよい。
図78乃至図80を参照して、イメージセンサ1211とアプリケーションプロセッサ1212との間で、高速データ送信および低速コマンド送信が行われる通信処理について説明する。
図81乃至図83を参照して、検証用パケットおよび被検証パケットを使用したデータ検証処理について説明する。
イメージセンサ1211は、機能安全(例えば、メッセージ欠落を検出して適切に処置すること)を確保するために、メッセージカウンタ1308がカウントするメッセージカウント値を、拡張パケットヘッダ内または拡張パケットフッタ内に格納することができる。例えば、イメージセンサ1211が備えるメッセージカウンタ1308は、イメージセンサ1211からメッセージが送信されるたびにインクリメントまたはデクリメントされたメッセージカウント値を格納することができる。なお、イメージセンサ1211は、仮想チャネル(バーチャルチャネル)ごとに独立したメッセージカウンタ1308を設ける構成や、仮想チャネルで共通なメッセージカウンタ1308を設ける構成としてもよい。
図85乃至図88を参照して、埋め込みデータについて説明する。
図89乃至図91を参照して、画像データのデータ構造について説明する。
ナンス値は、例えば、同じセッション鍵に対してnumber used onceであるため、セッション鍵を用いる暗号化演算または復号演算の初期化ベクトル(initialization vector)の一部または全部として用いられる。そのため、イメージセンサ1211が暗号化演算に用いたナンスが、イメージセンサ1211から送信されてアプリケーションプロセッサ1212で受信されることによって、アプリケーションプロセッサ1212は復号演算に必要なナンス値を入手できる。
I2CバスまたはI2Cバスと呼ばれる場合もある集積回路間シリアルバスは、低速周辺装置をアプリケーションプロセッサ1212に接続する際に使用することを意図していたシリアルシングルエンドコンピュータバスである。I2Cバスは、I2Cバス上で送信される様々なメッセージに対して、各デバイスがマスタおよびスレーブとして働くことができるマルチマスタバスである。
図92乃至図95を参照して、完全性演算値処理について説明する。
・16ビット幅の上位カウント値を併用すると232÷60÷2163≒9時間
・20ビット幅の上位カウント値を併用すると236÷60÷2163≒6日
・24ビット幅の上位カウント値を併用すると240÷60÷2163≒98日
・28ビット幅の上位カウント値を併用すると244÷60÷2163≒4年
・32ビット幅の上位カウント値を併用すると248÷60÷2163≒69年となる。
・4ビット幅の上位カウント値を併用すると24×(216-1)÷60≒5時間
・8ビット幅の上位カウント値を併用すると28×(216-1)÷60≒78時間
・12ビット幅の上位カウント値を併用すると212×(216-1)÷60≒52日
・16ビット幅の上位カウント値を併用すると216×(216-1)÷60≒828日
・20ビット幅の上位カウント値を併用すると220×(216-1)÷60≒36年
・24ビット幅の上位カウント値を併用すると224×(216-1)÷60≒581年となる。
図96乃至図100を参照して、暗号化および復号について説明する。
図101乃至図105を参照して、完全性演算値MACの第1の送信方式について説明する。
。
図106乃至図109を参照して、完全性演算値MACの第2の配置例について説明する。
図110および図111を参照して、完全性演算値MACの送信方式の選択について説明する。
図112乃至図115を参照して、メッセージカウント値およびフレームカウント値について説明する。
車両に搭載され、複数の基板が積層された構造の撮像素子における故障を検出できるようにする撮像装置において、第2の基板に設けられた行駆動部が、第1の基板に設けられた画素アレイの画素信号の蓄積および読み出しを制御する制御信号を出力するタイミングと、行駆動部より出力された制御信号が、画素アレイを通過して、検出されるタイミングとが一致するか否かにより、故障を検出する技術が開示されている(国際公開第2017/209221号参照)。
イメージセンサ1211に対して、例えば、所定の強度よりも高い強度の可視光、赤外光、レーザ光などの何れかが照射されると、イメージセンサ1211により撮像される画像を実質的に無効化または改竄されることになる。
次に、図119のフローチャートを参照して、妨害検出部1508による妨害検出処理(その1)について説明する。
以上においては、イメージセンサ1211に対する、光の強度の変化による攻撃(妨害)の有無を検出して特異メッセージとして通知する例について説明してきた。
受光パターンそのものが送信される場合、受光してない画素に関連する情報が高速データ送信されないようにしてもよい。例えば、図120で示されるような白丸印で示される画素が受光される画素を示すドットパターンである場合、白丸印で示される受光されたドットパターンに関連する情報のみが高速データ送信されるようにしてもよい。例えば、受光してない画素は、受光スポットパターンや受光ドットパターンが正常か異常かを判断するために用いられる。その場合、イメージセンサ1211は、高速データ送信するデータ量を最小限に抑えつつ、受光パターンが正常か異常かを判断できる。
次に、図122のフローチャートを参照して、妨害検出部1508による受光パターンを用いた妨害検出処理(その2)について説明する。
次に、障害検出部1509による障害検出について説明する。
次に、図123のフローチャートを参照して、障害検出部1509による障害検出処理について説明する。
次に、侵害検出部1511によるセキュリティ部1510の異常検出について説明する。
次に、図124のフローチャートを参照して、侵害検出部1511によるセキュリティ部1510の異常検出処理について説明する。
次に、温度検出部1512による異常検出について説明する。
次に、図125のフローチャートを参照して、温度検出部1512による異常検出処理について説明する。
以上においては、イメージセンサ1211が、自身の異常の有無を検出して、検出結果に応じた特異メッセージをアプリケーションプロセッサ1212に送信する例について説明してきた。
次に、図127,図128のフローチャートを参照して、アプリケーションプロセッサによる、イメージセンサの異常の有無を検出する処理について説明する。
以上においては、特異メッセージが、画像データの高速データ送信されることを前提としてきたが、送信タイミングを考慮せずに、高速データ送信がなされると、画像データの高速データ送信が阻害される恐れがある。
次に、図130のフローチャートを参照して、画像データの高速データ送信を阻害せずに、特異メッセージの高速データ送信が実行される場合のイメージセンサ1211の処理について説明する。
ここで、図131のフローチャートを参照して、撮像送信処理(その1)について説明する。
以上においては、撮像送信処理が、高速データ送信の終了命令が受信された場合に処理を終了させる例について説明してきたが、高速データ送信の開始命令が受信されない場合に処理を終了させてもよい。
以上においては、定期異常診断の診断結果となる特異メッセージが、埋込データに含めて送信される例について説明してきたが、2回目の定期異常診断(第2定期異常診断)を実行して、第2埋込データに含められて送信されるようにしてもよい。
以上においては、2回目の定期異常診断(第2定期異常診断)を実行して、第2定期異常診断の診断結果に対応する特異メッセージが、第2埋込データに含められて送信されるようにする例について説明してきたが、定期異常診断の診断結果を読み出し応答に含めて送信するようにしてもよい。
以上においては、フレームスタートに応じて読み出し命令を送信して、定期異常診断の診断結果となる特異メッセージを読み出し応答に含めて送信する例について説明してきたが、フレームエンドに応じて読み出し命令を送信して、定期異常診断の診断結果を読み出し応答に含めて送信するようにしてもよい。
以上においては、フレームエンドに応じて読み出し命令を送信して、定期異常診断の診断結果を読み出し応答に含めて送信する例について説明してきたが、フレームスタート送信の直前に、特異メッセージを含む読み出し応答が送信できるようにしてもよい。
以上においては、フレームスタート送信の直前に、特異メッセージを含む読み出し応答が送信できるようにする例について説明してきたが、読み出し命令送信または読み出し応答送信は、埋込データ送信後のラインブランキング期間内に実施されるようにしてもよい。
以上においては、読み出し命令送信および読み出し応答送信は、埋込データ送信後のラインブランキング期間内に実施される例について説明してきたが、画像データ送信後のラインブランキング期間内に実施されてもよい。
以上においては、読み出し命令送信および読み出し応答送信が画像データ送信後のラインブランキング期間内に実施される例について説明してきたが、割り込み機能を用いて特異メッセージが送信されるようにしてもよい。
以上においては、割り込み機能を用いて特異メッセージが送信される例について説明してきたが、画像データ送信のバーチャルチャネルとは異なるバーチャルチャネルのデータ内(例えば、埋込データ内)に特異メッセージを格納して送信されるようにしてもよい。
以上においては、画像データ送信のバーチャルチャネルとは異なるバーチャルチャネルのデータ内(例えば、埋込データ内)に特異メッセージを格納して送信される例について説明してきたが、画像データ送信のバーチャルチャネルとは異なるバーチャルチャネルの、非画像データの少なくとも一部内に格納されて送信されてもよい。
以上においては、画像データ送信のバーチャルチャネルとは異なるバーチャルチャネルの、非画像データの少なくとも一部内に特異メッセージが格納されて送信される例について説明してきたが、画像データ内に格納されて送信されてもよい。
メッセージカウンタ1513は、HD(Humming Distance)≧1カウント(バイナリコード)とHD=1カウント(グレイコード)との何れかをインクリメントまたはデクリメントすることでメッセージカウンタ(メッセージカウント値)を生成する。
次に、図152のフローチャートを参照して、メッセージカウント処理について説明する。
よい。
拡張パケットヘッダ内または拡張パケットフッタ内には、例えば、Fatal warning(重大な異常を検出)、Sensor-internal warning(センサ内部に起因する異常を検出)、Sensor-external warning(センサ外部に起因する異常を検出)、Power-source warning(電源に起因する異常を検出)、Clock-source warning(クロック源に起因する異常を検出)、The others warning(その他に起因する異常を検出)、Physical warning(物理異常を検出)、Logical warning(論理異常を検出)、Power warning(電力異常を検出)、Voltage warning(電圧異常を検出)、Current warning(電流異常を検出)、Electromagnetic warning(電磁異常を検出)、Clock warning(クロック異常を検出)、Thermal warning(温度異常を検出)、Channel warning(伝送路異常を検出)、Message warning(メッセージ異常を検出)、Attack warning(攻撃を検出)、Tamper warning(例えば、侵害を検出)、Blind warning(例えば、妨害を検出)、Saturation warning(例えば、妨害を検出)、Fake warning(例えば、妨害を検出)、Foreign object warning(例えば、障害を検出)、Probe warning(例えば、侵害または障害を検出)、DOS warning(例えば、メッセージカウント異常を検出)、などの何れかを識別できるように定義されるWarning Descriptor(特異メッセージ)が格納されてもよい。
特異メッセージの送信は、第1特異メッセージの送信と第2特異メッセージの送信とに分離されてもよい。
次に、図156,図157のフローチャートを参照して、特異メッセージを分離して送信するときの送信処理について説明する。
以上においては、第1特異メッセージとして警告速報が送信される例について説明してきたが、さらに、警告速報が送信された後、警告詳細の読み出し命令を送信して、イメージセンサ1211から読み出し応答として警告詳細が送信されるようにしてもよい。
拡張パケットヘッダ内または拡張パケットフッタ内には、パケットデータ(ペイロード)の暗号化の有無や、拡張パケットフッタ内のハッシュ値、メッセージ認証コードまたはデジタル署名の有無や、拡張パケットフッタ内のハッシュ値、メッセージ認証コードまたはデジタル署名のアルゴリズム種類などの何れかが定義されるSecurity Descriptor(例えば、Service Descriptorと呼称されてもよい)が格納されてもよい。
イメージセンサ1211およびアプリケーションプロセッサ1212は、所望の推進装置に搭載される構成とすることができる。
推進装置は、図160の推進制御システム1600により、異常メッセージが受信(例えば、1回受信、複数回受信、連続受信)される場合、推進装置の推進状況(例えば、推進装置の推進速度、推進装置周囲の障害物の有無)を調査し、推進状況が安全条件を満たすときには高速データ送信を終了してもよく、推進状況が安全条件を満たさないときには、推進制御を変更(例えば、減速、障害物が少ない位置へ推進装置を誘導)してもよい。
推進装置を制御する推進制御システム1600のアプリケーションプロセッサ1212は、画像データを撮像または表示する画像装置(第1情報処理装置または第1プロセッサと通信する第1センサ)と、他データを取得または表示する他データ装置(第2情報処理装置、第1プロセッサまたは第2プロセッサと通信する第2センサ)とを備えてもよい。
特異メッセージとして異常メッセージが受信(例えば、1回受信、複数回受信、連続受信)される場合、推進装置の推進を制御する推進制御システム1600(のアプリケーションプロセッサ1212に相当する外部情報検出ユニット1617および/またはマイクロコンピュータ1631)は、推進状況を調査し、高速データ送信を終了できる状態である場合には、高速データ送信を終了してもよい。
(HEARTBEAT機能)
HEARTBEAT機能は、リクエスタとレスポンダとの両方でサポートされている場合、セッションの存続要否の判断に用いることができる。
よい。
次に、図170のタイミングチャートを参照して、HEARTBEAT処理(その1)について説明する。
CCIデバイス(レスポンダ)が異常を検出した場合や、所定時間(=第1時間)内にHEARTBEAT要求メッセージが受信されない場合でも、所定時間(=第2時間)内にCCIデバイス(レスポンダ)において、CCIホスト(リクエスタ)からのEND_SESSION要求メッセージが受信できないことがある。ここで、第1時間は、「所定値(例えば、2)×HEARTBEAT周期(HeartbeatPeriod)」に相当する時間であり、第2時間は、「所定値(例えば、2)×HEARTBEAT周期(HeartbeatPeriod)」に相当する時間が経過してから、END_SESSION要求メッセージが送信されるまでの更なる経過時間である。
HEARTBEAT_NAK応答、およびEND_SESSION_NAK応答メッセージは、少なくともいずれか一方を省略するようにしてもよい。
CCIデバイス(レスポンダ)は、エラーや不具合などの異常が発生した場合に、CCIホスト(リクエスタ)にERROR応答メッセージを送信するようにしてもよい。
HEARTBEAT要求メッセージを、VENDOR_DEFINED_REQUEST要求メッセージで疑似的に定義すると共に、HEARTBEAT_ACK応答(およびHEARTBEAT_NAK応答)メッセージを、VENDOR_DEFINED_RESPONSE応答メッセージで疑似的に定義することにより、HEARTBEAT要求およびHEARTBEAT_ACK応答の代わりに用いることで、疑似的にHEARTBEAT機能を実現するようにしてもよい。
本技術は、例えばMIPI(Mobile Industry Processor Interface)AllianceのCSI(Camera Serial Interface)規格またはDSI(Display Serial Interface)規格などに適用する際に好適な、セッション鍵(暗号化鍵またはMAC鍵)の鍵更新を開示する。本技術は、CSI-2規格またはDSI-2規格に適用する際に特に好適である。なお、CSI-2規格またはDSI-2規格は、制御系通信(CCI通信と称する)と画像系通信(被制御系通信またはCSI-2通信またはDSI-2通信と称する)とを含む。制御系通信は、書き込み命令(CCI Write)、読み出し命令(CCI Read)、読み出し応答(CCI Read戻り値)などの何れかの送信を含み、双方向通信である。画像系通信は、フレームスタート、埋込データ、画像データ、ユーザ定義データ、フレームエンドなどの何れかの送信を含み、片方向通信である。そして、本技術は、制御系通信を利用して導出したセッション鍵(暗号化鍵またはMAC鍵)を画像系通信に適用する際に好適である。一方、制御系通信および画像系通信にセキュリティ機能を付加するために、DMTF(Distributed Management Task Force)によるSPDM(Security Protocol and Data Model)規格を適用することが可能である。そのため、本技術は、SPDM規格を双方向通信である制御系通信および片方向通信である被制御系通信に適用する際に好適だが、SPDM規格に準じる必要はない。
非特許文献1に記載のDMTFによるSPDM規格では、図182に示されるように、鍵スケジュールから、4つのメジャーシークレット(Major secrets)(S0:Request-direction handshake secret、S1:Response-direction handshake secret、S2:Request-direction data secret、S3:Response-direction data secret)が導出されることが可能であり、少なくとも1つのエクスポートマスターシークレット(Export Master Secret)が導出されることが可能である。そして、これらのシークレット(セッション秘密)からはセッション鍵(暗号化鍵またはMAC鍵)が導出されることが可能である。
例えば、図183に示されるように、Export Master Secretを更新し、新たなセッション鍵(暗号化鍵またはMAC鍵)を導出して画像系通信へ適用してもよい。
上述のようにExport Master Secretを更新できるようにして非特許文献1に記載のDMTFによるSPDM規格を画像系通信に適用した場合、要求方向データシークレットおよび応答方向データシークレットについては、KEY_UPDATE request messageおよびKEY_UPDATE_ACK response messageによって、新たなシークレットおよびセッション鍵(暗号化鍵またはMAC鍵)の使用開始タイミングが定まる。これに対して、エクスポートマスターシークレットについては、新たなシークレットおよびセッション鍵(暗号化鍵またはMAC鍵)の使用開始タイミングが定まらないおそれがあった。
図184は、図75のAに示されるイメージセンサ1211とアプリケーションプロセッサ1212との間での、セッション鍵を用いた通信処理の例を示すフローチャートである。イメージセンサ1211は、図76に示されるような構成を有する。アプリケーションプロセッサ1212は、図77に示されるような構成を有する。
KEY_UPDATE要求メッセージ内のKEY_UPDATE operations内のVerifyNewKeyのOperationは、双方向通信の制御系通信(CCI)に適用されることが可能だが、片方向通信の画像系通信(CSI-2)に適用されることが不可能である。そのため、制御系通信で更新した新セッション鍵(暗号化鍵またはMAC鍵)が正しく導出されたことを、画像系通信において検証する。
新セッション鍵の使用開始タイミング指定を省略し、新セッション鍵を検証してもよい。新セッション鍵を仮使用して拡張パケットを検証してもよい。例えば、新セッション鍵を仮使用して拡張パケットのMAC値または復号を検証し、その検証結果がFAILの場合には本使用しているセッション鍵によって拡張パケットのMAC値または復号を検証する。そして、その検証結果もFAILな場合、END_SESSION要求を送信し、新セッション鍵およびセッション鍵を破棄またはクリーンアップすることによってセッションを終了させる。新セッション鍵が正しく導出されていると判断できる場合、セッション鍵の破棄またはクリーンアップを開始し、新セッション鍵の本使用を開始する。
センサは、プロセッサからの指示に応じてセッション鍵を選択してもよい。例えば、イメージセンサが新セッション鍵を仮使用して拡張パケット(被検証データ)を送信し、プロセッサによる拡張パケット検証結果に応じてセッション鍵の再使用を開始してもよい。
が更新される。
例えば、図195に示されるように、KeyUpdateReqやKeySwitchTimingを利用して新セッション鍵の使用開始タイミングを指定するようにしてもよい。
ト値を1に設定してもよい。
埋込データや読み出し応答によって新セッション鍵の使用開始タイミングを指定してもよい。使用開始タイミングを指定するメッセージ(使用開始タイミング指定)は、埋込データ内または画像データ内またはユーザ定義データ内または読み出し応答(帯域内割込み含む)内に格納されて送信されてもよい。使用開始タイミング指定は、メッセージカウント値(メッセージカウンタの値)を含んでもよい。その場合、使用開始タイミングとして指定されたメッセージカウント値の拡張パケットの一部または全部から、新セッション鍵の使用が開始されてもよい。また、使用開始タイミング指定は、フレーム番号(フレームカウント値)を含んでもよい。その場合、使用開始タイミングとして指定されたフレーム番号の拡張パケットの一部または全部から、新セッション鍵の使用が開始されてもよい。また、使用開始タイミング指定は、eDT(拡張データタイプ)またはDT(データタイプ)の値を含んでもよい。その場合、次のライン以降に送信される、使用開始タイミングとして指定されたeDTまたはDTの拡張パケットの一部または全部から、新セッション鍵の使用が開始されてもよい。
書き込み命令によって、プロセッサが、新セッション鍵の使用開始タイミングを指定してもよい。つまり、使用開始タイミングを指定するメッセージ(使用開始タイミング指定)は、書き込み命令内に格納されて送信されてもよい。使用開始タイミング指定は、メッセージカウント値(メッセージカウンタの値)を含んでもよい。その場合、使用開始タイミングとして指定されたメッセージカウント値の拡張パケットの一部または全部から、新セッション鍵の使用が開始されてもよい。また、使用開始タイミング指定は、フレーム番号(フレームカウント値)を含んでもよい。その場合、使用開始タイミングとして指定されたフレーム番号の拡張パケットの一部または全部から、新セッション鍵の使用が開始されてもよい。また、使用開始タイミング指定は、eDT(拡張データタイプ)またはDT(データタイプ)の値を含んでもよい。その場合、使用開始タイミング指定でOKの読み出し応答以降に送信される、使用開始タイミングとして指定されたeDTまたはDTの拡張パケットの一部または全部から、新セッション鍵の使用が開始されてもよい。
次セッション鍵(新セッション鍵)の使用開始に応じて更新(例えば、インクリメントまたはデクリメントまたは乱数)される鍵ID情報を送信することによって、次セッション鍵(新セッション鍵)の使用開始タイミングを指定してもよい。
1つのExport Master Secretから複数のセッション鍵(暗号化鍵またはMAC鍵)を導出してもよい。例えば、仮想チャネル毎または拡張仮想チャネル毎にセッション鍵を異ならせたい場合に有効である。
ト(例えば、拡張パケットヘッダ、Service Descriptor、パケットデータ)内に格納されて画像系データ受信側で受信または画像系データ送信側から送信されてもよい。また、Key1とKey2とが同一か否かを示す情報またはKey3とKey4とが同一か否かを示す情報は、画像系通信向けセッション鍵または新セッション鍵の使用が画像系データ送信側で開始される前に、制御系通信向けセッション鍵によって保護された制御系通信を利用して(例えば、他パラメータ情報の一部または全部として)制御系通信ホストから送信または制御系通信デバイスで受信され、画像系通信向けセッション鍵または新セッション鍵のうち使用開始する鍵または使用開始した鍵の鍵IDに対応する情報(例えば、Key1、Key2、Key3、またはKey4の何れかの指定)は、画像系通信向けセッション鍵または新セッション鍵の画像系データ送信側における使用開始に応じて(または使用が画像系データ送信側で開始された後に)、画像系通信の拡張パケット(例えば、拡張パケットヘッダ、Service Descriptor、パケットデータ)内に格納されて画像系データ受信側で受信または画像系データ送信側から送信されてもよい。また、Key1とKey2とが同一か否かを示す情報またはKey3とKey4とが同一か否かを示す情報の送信または受信は、画像系通信ホストと画像系通信デバイスとの間の事前合意(Private contract)で代用されてもよい。つまり、画像系通信ホストと画像系通信デバイスとは、ぞれぞれ、事前合意された情報に従ってKey1とKey2とが同一か否かまたはKey3とKey4とが同一か否かを判断してもよく、事前合意された情報に従って同じセッション鍵で暗号化の有効化と無効化とを切り替え(ON/OFF)してもよい。具体的には、Key1とKey2とが同一またはKey3とKey4とが同一であることが事前合意された場合、「0b001/0b010」の切り替えまたは「0b100/0b101」の切り替えによって、同じセッション鍵で暗号化の「有効化/無効化(ON/OFF)」を切り替え可能だが、これらのビット割り当てや表現は異なってもよい。
図208に示されている通信システム3100は、アプリケーションプロセッサ3110およびイメージセンサ3120を備える。アプリケーションプロセッサ3110とイメージセンサ3120とは、例えば、1本の通信経路3130で接続される。通信経路3130は、制御系通信経路かつ画像系通信経路(例えば、A-PHY、USLに準拠するD-PHYまたはC-PHYなど)である。なお、アプリケーションプロセッサ3110とイメージセンサ3120とが、複数本の通信経路3130で接続されてもよい。また、アプリケーションプロセッサ3110とイメージセンサ3120とが、制御系通信経路と画像系通信経路とが別々に構成された複数本の通信経路で接続されてもよい。
図209は、通信システム3100のブロックの一変形例を示す図である。本変形例では、アプリケーションプロセッサ3110とイメージセンサ3120とが、1本の制御系通信経路3131および1本の画像系通信経路3132で接続される。制御系通信経路3131は、例えば、CCIである。画像系通信経路3132は、例えば、C-PHYまたはD-PHYである。なお、本変形例において、アプリケーションプロセッサ3110とイメージセンサ3120とが、複数本の制御系通信経路3131および複数本の画像系通信経路3132で接続でれてもよい。また、アプリケーションプロセッサ3110とイメージセンサ3120とが、1本の通信経路3130で接続されてもよい。
図210は、通信システム3100のブロックの一変形例を示す図である。本変形例では、変形例Aに係る通信システム3100において、Control Planeホスト3112がブリッジ一端3110bに設けられる。この場合、ブリッジ一端3110bとセンサ部3120aとの間の制御系通信は、Control Planeセッション鍵によって保護される。しかし、通信制御部3110aとブリッジ一端3110bとの間の制御系通信は、Control Planeセッション鍵によって保護されない。さらに、通信制御部3110aとブリッジ一端3110bとの間の画像系通信や、ブリッジ他端3120bとセンサ部3120aとの間の画像系通信は、Data Planeセッション鍵によって保護されない。そのため、例えば、Data Plane新セッション鍵の使用開始タイミング指定がブリッジ他端3120bからブリッジ一端3110bに自主送信されたとしても、通信制御部3110aはData Planeセッション鍵の更新要否を判断できない。その結果、通信制御部3110aが最新のセッション鍵を適切なタイミングで生成し、送信することができない。つまり、ブリッジ一端3110bおよびブリッジ他端3120bが、最新のセッション鍵を適切なタイミングで受信できない。
図211は、通信システム3100のブロックの一変形例を示す図である。本変形例では、変形例Aに係る通信システム3100において、Data Planeデバイス3123がセンサ部3120aに設けられ、ブリッジ他端3120bのSPDMレスポンダ3124が省略される。ブリッジ他端3120bは省略されてもよい。この場合、通信制御部3110aとセンサ部3120aとの間の制御系通信は、Control Planeセッション鍵によって保護される。また、ブリッジ一端3110bとセンサ部3120aとの間の画像系通信は、Data Planeセッション鍵によって保護される。しかし、通信制御部3110aとブリッジ一端3110bとの間の画像系通信は、Data Planeセッション鍵によって保護されない。そのため、例えば、Data Plane新セッション鍵の使用開始タイミング指定がセンサ部3120aからブリッジ一端3110bに自主送信されたとしても、通信制御部3110aはData Planeセッション鍵の更新要否を判断できない。その結果、通信制御部3110aが最新のセッション鍵を適切なタイミングで生成し、送信することができない。つまり、ブリッジ一端3110bおよびセンサ部3120aが、最新のセッション鍵を適切なタイミングで受信できない。
図212は、通信システム3100のブロックの一変形例を示す図である。本変形例では、変形例Cに係る通信システム3100において、Control Planeホスト3112がブリッジ一端3110bに設けられる。ブリッジ他端3120bは省略されてもよい。この場合、ブリッジ一端3110bとセンサ部3120aとの間の制御系通信は、Control Planeセッション鍵によって保護され、ブリッジ一端3110bとセンサ部3120aとの間の画像系通信は、Data Planeセッション鍵によって保護される。しかし、通信制御部3110aとブリッジ一端3110bとの間の制御系通信は、Control Planeセッション鍵によって保護されない。また、通信制御部3110aとブリッジ一端3110bとの間の画像系通信は、Data Planeセッション鍵によって保護されない。そのため、例えば、Data Plane新セッション鍵の使用開始タイミング指定がセンサ部3120aからブリッジ一端3110bに自主送信されたとしても、通信制御部3110aはData Planeセッション鍵の更新要否を判断できない。その結果、通信制御部3110aが最新のセッション鍵を適切なタイミングで生成し、送信することができない。つまり、ブリッジ一端3110bおよびセンサ部3120aが、最新のセッション鍵を適切なタイミングで受信できない。
図213は、通信システム3100のブロックの一変形例を示す図である。本変形例では、変形例Aに係る通信システム3100において、Control Planeデバイス3122がブリッジ他端3120bに設けられ、センサ部3120aのSPDMレスポンダ3121aが省略される。この場合、通信制御部3110aとブリッジ他端3120bとの間の制御系通信は、Control Planeセッション鍵によって保護され、ブリッジ一端3110bとブリッジ他端3120bとの間の画像系通信は、Data Planeセッション鍵によって保護される。しかし、ブリッジ他端3120bとセンサ部3120aとの間の制御系通信は、Control Planeセッション鍵によって保護されない。また、通信制御部3110aとブリッジ一端3110bとの間の画像系通信や、ブリッジ他端3120bとセンサ部3120aとの間の画像系通信は、Data Planeセッション鍵によって保護されない。そのため、例えば、Data Plane新セッション鍵の使用開始タイミング指定がブリッジ他端3120bからブリッジ一端3110bに自主送信されたとしても、通信制御部3110aはData Planeセッション鍵の更新要否を判断できない。その結果、通信制御部3110aが最新のセッション鍵を適切なタイミングで生成し、送信することができない。つまり、ブリッジ一端3110bおよびブリッジ他端3120bが、最新のセッション鍵を適切なタイミングで受信できない。
図214は、通信システム3100のブロックの一変形例を示す図である。本変形例では、変形例Eに係る通信システム3100において、Control Planeホスト3112がブリッジ一端3110bに設けられる。この場合、ブリッジ一端3110bとブリッジ他端3120bとの間の制御系通信は、Control Planeセッション鍵によって保護され、ブリッジ一端3110bとブリッジ他端3120bとの間の画像系通信は、Data Planeセッション鍵によって保護される。しかし、通信制御部3110aとブリッジ一端3110bとの間の制御系通信や、ブリッジ他端3120bとセンサ部3120aとの間の制御系通信は、Control Planeセッション鍵によって保護されない。また、通信制御部3110aとブリッジ一端3110bとの間の画像系通信や、ブリッジ他端3120bとセンサ部3120aとの間の画像系通信は、Data Planeセッション鍵によって保護されない。そのため、例えば、Data Plane新セッション鍵の使用開始タイミング指定がブリッジ他端3120bからブリッジ一端3110bに自主送信されたとしても、通信制御部3110aはData Planeセッション鍵の更新要否を判断できない。その結果、通信制御部3110aが最新のセッション鍵を適切なタイミングで生成し、送信することができない。つまり、ブリッジ一端3110bおよびブリッジ他端3120bが、最新のセッション鍵を適切なタイミングで受信できない。
図215は、通信システム3100のブロックの一変形例を示す図である。本変形例では、変形例Dに係る通信システム3100において、アプリケーションプロセッサ3110が通信制御部3110cを更に備える。本変形例では、SPDMリクエスタ3111aが通信制御部3110aに設けられ、SPDMレスポンダ3114、Control Planeホスト3112およびData Planeホスト3113が通信制御部3110cに設けられる。本変形例において、通信制御部3110aは、SSMCまたはアプリケーションプロセッサ(Root SoC)であり、通信制御部3110cは、アプリケーションプロセッサ(SoC)である。ブリッジ一端3110bおよびブリッジ他端3120bは省略されてもよい。
図216は、通信システム3100のブロックの一変形例を示す図である。本変形例では、変形例Gに係る通信システム3100において、Data Planeホスト3113がブリッジ一端3110bに設けられ、SPDMレスポンダ3115が更にブリッジ一端3110bに設けられる。ブリッジ他端3120bは省略されてもよい。
ところで、Control Plane向けに2つ以上のMACモードが設けられていてもよい。センサ部3120aまたはブリッジ他端3120bは、MAC値を、次フレームの高速データ送信の埋め込みデータ、または、次CCIコマンドのデータに格納して、通信制御部3110a,3110c,またはブリッジ一端3110bに送信または通信制御部3110a,3110c,またはブリッジ一端3110bから受信してもよい。このときのMAC値は、通信制御部3110a,3110c,またはブリッジ一端3110bとセンサ部3120aまたはブリッジ他端3120bとの間で所定期間内または所定ビット幅内に送信された書き込み命令、読み出し命令および読み出し応答(つまり、CCIコマンド)の一部もしくは全部をメッセージ認証の保護対象とする。このときのMACモードをRunningモードと称する。
(2)SPDMセッションにブロック暗号CBCモードまたはブロック暗号CTRモードの何れかとCMACとの組み合わせ
(3)Control planeセッションにブロック暗号CBCモードまたはブロック暗号CTRモードの何れかとCMACとの組み合わせ
(4)Data planeセッションにブロック暗号CBCモードまたはブロック暗号CTRモードの何れかとCMACとの組み合わせ
次に、リプレイ攻撃対策例について説明する。
図234、図235、図236、図237は、通信システム3100におけるControl planeセッションのフローチャート例を示したものである。図235のフローは、図234に続くフローである。
図238、図239、図240、図241は、通信システム3100におけるData planeセッションのフローチャート例を示したものである。図239のフローは、図238に続くフローである。
図243は、上記実施の形態およびその変形例におけるライトデータ(WRITE DATA;書き込みデータ)のパケット構成の一例を示したものである。図244は、上記実施の形態およびその変形例におけるライトデータの処理の一例を表したものである。なお、図243、図244において破線で示した箇所は、オプションである。
図292は、上述した一連の処理をプログラムにより実行するコンピュータのハードウェアの構成例を示すブロック図である。
なお、本技術は以下のような構成も取ることができる。
(1)
第1デバイスと第2デバイスとの間の第1通信と、第3デバイスと前記第2デバイスとの間の第2通信とを保護する保護部を備え、
前記保護部は、
前記第1通信を利用して第1セッション鍵を導出または受信し、
前記第1セッション鍵を前記第1通信の暗号化もしくは復号とメッセージ認証とに使用し、
前記第1セッション鍵によって保護された前記第1通信を使用して第2セッション鍵を受信し、
前記第2セッション鍵を前記第2通信の暗号化、復号またはメッセージ認証に使用し、
前記第2セッション鍵の使用開始から使用終了までの間の総通信回数もしくは総通信データ量は、前記第1デバイスと前記第3デバイスと間の第3通信と、前記第1通信とにおいて互いに異なる
情報処理装置。
(2)
前記第1通信の通信経路は、前記第3通信の通信経路よりも長く、
前記総通信回数もしくは前記総通信データ量は、前記第3通信よりも前記第1通信において少ない
(1)に記載の情報処理装置。
(3)
前記保護部は、
前記第2通信を使用して、前記第2セッション鍵の使用開始タイミング指定を送信または受信し、
前記第3通信を使用して、前記使用開始タイミング指定または前記使用開始タイミング指定に関する情報を送信または受信する
(1)または(2)に記載の情報処理装置。
(4)
前記使用開始タイミング指定または前記使用開始タイミング指定に関する情報は、前記第3通信のERROR応答メッセージ、HEARTBEAT_ACK応答メッセージおよびVendor defined SPDMメッセージのうちの少なくともいずれかによって、前記第3デバイスから前記第1デバイスに送信される
(3)に記載の情報処理装置。
(5)
前記保護部は、前記第2通信を使用して、前記第2通信に関連する特異メッセージを送信または受信する
(1)ないし(4)のいずれか1つに記載の情報処理装置。
(6)
前記保護部は、前記第3通信を使用して、前記特異メッセージまたは前記特異メッセージに関連する情報を送信または受信する
(5)に記載の情報処理装置。
(7)
前記特異メッセージまたは前記特異メッセージに関連する情報は、前記第3通信のERROR応答メッセージ、HEARTBEAT_ACK応答メッセージおよびVendor defined SPDMメッセージのうちの少なくともいずれかによって、前記第3デバイスから前記第1デバイスに送信される
(5)または(6)に記載の情報処理装置。
(8)
(1)ないし(7)のいずれか1つに記載の情報処理装置。
(9)
前記第3デバイスは、前記第3通信を使用して前記第2セッション鍵を受信し、前記第2セッション鍵を前記第2通信の前記暗号化、復号、またはメッセージ認証に使用し、
前記第2通信は、双方向通信であり、
前記第2デバイスまたは前記第3デバイスは、ブリッジ装置の一部または全部であり、
前記第2セッション鍵は、前記第1通信を使用して送信または受信された後に前記第3通信を使用して送信または受信される
(1)ないし(7)のいずれか1つに記載の情報処理装置。
(10)
前記保護部は、前記第1通信または前記第3通信において、前記第2セッション鍵とは異なる乱数を送信または受信する
(1)ないし(9)のいずれか1つに記載の情報処理装置。
(11)
前記保護部は、前記第1通信または前記第3通信において、前記第2セッション鍵の使用状況が確認される周期に関連する情報、または前記第2セッション鍵が更新される周期に関連する情報を送信または受信する
(1)ないし(10)のいずれか1つに記載の情報処理装置。
(12)
前記保護部は、前記第1通信または前記第3通信において、前記第2通信のメッセージカウンタに関連する情報を送信または受信する
(1)ないし(11)のいずれか1つに記載の情報処理装置。
(13)
前記保護部は、メッセージカウンタと前記メッセージカウンタに応じて変化する追加メッセージカウンタとを含み、
前記メッセージカウンタのカウント値と前記追加メッセージカウンタのカウント値とは、前記第2セッション鍵を使用する前記メッセージ認証によって保護されるメッセージの一部であり、
前記保護部は、前記第2通信において、前記メッセージカウンタのカウント値を送信または受信する
(1)ないし(12)のいずれか1つに記載の情報処理装置。
(14)
前記保護部は、前記第1通信または前記第3通信において、前記第2セッション鍵の使用開始を要求するメッセージを送信または受信する
(1)ないし(13)のいずれか1つに記載の情報処理装置。
(15)
前記保護部は、前記第1通信または前記第3通信において、前記第2セッション鍵の使用終了を要求するメッセージを送信または受信する
(1)ないし(14)のいずれか1つに記載の情報処理装置。
(16)
前記第2通信の前記暗号化、復号またはメッセージ認証には、MACモードを含む初期化ベクトルが用いられる
(1)ないし(15)のいずれか1つに記載の情報処理装置。
(17)
前記保護部は、前記第2通信において、画像データおよび前記画像データに関連する埋め込みデータの送信または受信を行い、
前記埋め込みデータは、フレーム単位毎に変化するナンス情報の一部もしくは全部を含む
(1)ないし(16)のいずれか1つに記載の情報処理装置。
(18)
前記ナンス情報は、CMACまたはHMACによって保護される
(17)に記載の情報処理装置。
(19)
第1デバイスと第2デバイスとの間の第1通信と、第3デバイスと前記第2デバイスとの間の第2通信とを保護する保護部を備え、
前記保護部は、
前記第1通信を利用して第1セッション鍵を導出または受信し、
前記第1セッション鍵を前記第1通信の暗号化もしくは復号とメッセージ認証とに使用し、
前記第1セッション鍵によって保護された前記第1通信を使用して第2セッション鍵を受信し、
前記第2セッション鍵を前記第2通信の暗号化、復号またはメッセージ認証に使用し、
前記第2セッション鍵の使用開始から使用終了までの間の総通信回数もしくは総通信データ量は、前記第1デバイスと前記第3デバイスと間の第3通信と、前記第1通信とにおいて互いに異なる
移動体装置。
(20)
第1デバイスと第2デバイスとの間の第1通信と、第3デバイスと前記第2デバイスとの間の第2通信とを保護する保護部を備え、
前記保護部は、
前記第1通信を利用して第1セッション鍵を導出または受信し、
前記第1セッション鍵を前記第1通信の暗号化もしくは復号とメッセージ認証とに使用し、
前記第1セッション鍵によって保護された前記第1通信を使用して第2セッション鍵を受信し、
前記第2セッション鍵を前記第2通信の暗号化、復号またはメッセージ認証に使用し、
前記第2セッション鍵の使用開始から使用終了までの間の総通信回数もしくは総通信データ量は、前記第1デバイスと前記第3デバイスと間の第3通信と、前記第1通信とにおいて互いに異なる
通信システム。
(21)
第1デバイスと第2デバイスとの間の第1通信と、第3デバイスと前記第2デバイスとの間の第2通信とを保護する保護部を備え、
前記保護部は、
前記第1通信を利用して第1セッション鍵を導出または受信し、
前記第1セッション鍵を前記第1通信の暗号化もしくは復号とメッセージ認証とに使用し、
前記第1セッション鍵によって保護された前記第1通信を使用して第2セッション鍵を受信し、
前記第2セッション鍵を前記第2通信のメッセージ認証に使用し、
第1メッセージ認証ポリシーおよび第2メッセージ認証ポリシーのうち何れか一方を選択した前記第2通信におけるメッセージ認証ポリシーに基づいて前記第2通信の前記メッセージ認証を検証する
情報処理装置。
(22)
前記保護部は、前記第1通信を介して送信または受信された情報に基づいて前記第2通信におけるメッセージ認証ポリシーを選択する
(1)ないし(21)のいずれか1つに記載の情報処理装置。
(23)
前記保護部は、機能レジスタを含み、前記機能レジスタに格納される情報を、前記第1通信を介して送信または受信し、
前記機能レジスタには、前記保護部が選択可能なメッセージ認証ポリシー候補を示す情報が格納され、
前記メッセージ認証ポリシー候補は、前記第1メッセージ認証ポリシーおよび前記第2メッセージ認証ポリシーのうち少なくとも何れかであり、
前記保護部は、前記機能レジスタに格納された、前記メッセージ認証ポリシー候補の中から、前記第2通信における前記メッセージ認証ポリシーを選択する
(21)または(22)記載の情報処理装置。
(24)
前記保護部は、機能レジスタを含み、前記機能レジスタに格納される情報を、前記第1通信を介して送信または受信し、
前記機能レジスタには、前記第2通信の前記メッセージ認証に対して前記保護部が保持できるデータ量上限に関連する情報が格納され、
前記保護部は、前記データ量上限を超えない範囲内のデータ群に対して前記第2通信の前記メッセージ認証を検証する
(1)ないし(23)のいずれか1つに記載の情報処理装置。
(25)
前記保護部は、前記第2通信の前記メッセージ認証に対する内部処理順序として、第1内部処理順序および第2内部処理順序のうち何れか一方を選択する
(1)ないし(24)のいずれか1つに記載の情報処理装置。
(26)
前記保護部は、前記第2通信を使用して、メッセージ群または拡張パケットヘッダの送信または受信を行い、
前記メッセージ群における最終メッセージまたは前記拡張パケットヘッダが、MAC演算またはCRC演算を完了できるか否かを示す情報を含む
(1)ないし(25)のいずれか1つに記載の情報処理装置。
(27)
前記保護部は、
前記第2セッション鍵を前記第2通信の少なくとも暗号化もしくは復号に使用し、
GCM、CCM、CTRモードおよびCBCモードのうちのいずれかのアルゴリズムに基づいて前記暗号化もしくは復号を行う
(1)ないし(26)のいずれか1つに記載の情報処理装置。
(28)
前記保護部は、前記第2通信の前記暗号化、復号またはメッセージ認証で用いられるまたは用いられた最新の初期化ベクトルを、前記第1デバイスまたは前記第3デバイスからの要求または命令に応じて、前記第1通信または前記第2通信を介して送信または受信する
(1)ないし(27)のいずれか1つに記載の情報処理装置。
(29)
前記第2通信は、画像データおよび埋め込みデータを送信または受信する画像系通信を制御する通信であり、
前記保護部は、前記第2通信の前記暗号化、復号またはメッセージ認証で用いられるまたは用いられた最新の初期化ベクトルを、前記画像系通信を介して送信または受信する
(1)ないし(28)のいずれか1つに記載の情報処理装置。
(30)
前記保護部は、前記第2通信を使用して、メッセージ群または拡張パケットヘッダの送信または受信を行い、
前記メッセージ群における最終メッセージまたは前記拡張パケットヘッダが、前記第2通信の前記復号を開始できるか否かを示す情報を含む
(1)ないし(29)のいずれか1つに記載の情報処理装置。
(31)
前記保護部は、前記第2通信の前記復号の対象となる暗号化されたデータを含むデータ群に対してCRC値を演算する
(1)ないし(30)のいずれか1つに記載の情報処理装置。
(32)
前記保護部は、送信するまたは受信したデータ群とは異なるデータ順序で内部処理を実行する
(1)ないし(31)のいずれか1つに記載の情報処理装置。
(33)
前記保護部は、メッセージカウンタ値、MAC値、もしくは初期化ベクトルが格納されるレジスタアドレスの受信、メッセージカウンタ値、MAC値、もしくは初期化ベクトルの受信、またはメッセージカウンタ値もしくはMAC値の検証成功に応じて、前記第2通信の前記復号を開始する
(1)ないし(32)のいずれか1つに記載の情報処理装置。
(34)
前記保護部は、暗号化されたデータの受信開始からそのメッセージ認証が完了するまでの間、後続の暗号化されたデータのみを新たなメッセージ認証対象とする
(1)ないし(33)のいずれか1つに記載の情報処理装置。
(35)
前記保護部は、
前記第2通信の前記暗号化または前記復号の実行要否を選択し、
送信するまたは受信したデータ群に対して内部処理を実行する順序を、前記第2通信の前記暗号化または前記復号の実行時と非実行時とで異ならせる
(1)ないし(34)に記載の情報処理装置。
(36)
前記保護部は、前記第2通信を使用して、レジスタアドレスまたは拡張パケットヘッダの送信または受信を行い、
前記レジスタアドレスまたは前記拡張パケットヘッダに対応する書き込みデータまたは読み出しデータの送信または受信を行い、
前記レジスタアドレスまたは前記拡張パケットヘッダは、前記第2通信の前記メッセージ認証で保護され、
前記保護部は、前記レジスタアドレスまたは前記拡張パケットヘッダの情報に基づいて、前記書き込みデータまたは前記読み出しデータに対する前記メッセージ認証または前記暗号化の要否を判断する
(1)ないし(35)のいずれか1つに記載の情報処理装置。
(37)
前記保護部は、前記第2通信におけるメッセージ認証ポリシーを、前記第3デバイスと前記第2デバイスとの間の事前合意によって選択する
(1)ないし(36)のいずれか1つに記載の情報処理装置。
(38)
前記第1デバイスと前記第3デバイスとは互いに別体、または互いに同一である
(1)ないし(37)のいずれか1つに記載の情報処理装置。
(39)
第1デバイスと第2デバイスとの間の第1通信と、第3デバイスと前記第2デバイスとの間の第2通信とを保護する保護部を備え、
前記保護部は、
前記第1通信を利用して第1セッション鍵を導出または受信し、
前記第1セッション鍵を前記第1通信の暗号化もしくは復号とメッセージ認証とに使用し、
前記第1セッション鍵によって保護された前記第1通信を使用して第2セッション鍵を受信し、
前記第2セッション鍵を前記第2通信のメッセージ認証に使用し、
第1メッセージ認証ポリシーおよび第2メッセージ認証ポリシーのうち何れか一方を前記第2通信におけるメッセージ認証ポリシーとして選択し、
選択した前記メッセージ認証ポリシーに基づいてメッセージ認証を検証する
移動体装置。
(40)
第1デバイスと第2デバイスとの間の第1通信と、第3デバイスと前記第2デバイスとの間の第2通信とを保護する保護部を備え、
前記保護部は、
前記第1通信を利用して第1セッション鍵を導出または受信し、
前記第1セッション鍵を前記第1通信の暗号化もしくは復号とメッセージ認証とに使用し、
前記第1セッション鍵によって保護された前記第1通信を使用して第2セッション鍵を受信し、
前記第2セッション鍵を前記第2通信のメッセージ認証に使用し、
第1メッセージ認証ポリシーおよび第2メッセージ認証ポリシーのうち何れか一方を前記第2通信におけるメッセージ認証ポリシーとして選択し、
選択した前記メッセージ認証ポリシーに基づいてメッセージ認証を検証する
通信システム。
(41)
前記保護部は、
第1暗号データと第1乱数で構成された第1初期化ベクトルとを前記第2通信を使用して受信し、前記第2セッション鍵および前記第1初期化ベクトルを用いてCBCモードで前記第1暗号データを前記復号するか否かの切り替えと、
第2乱数で構成された第2初期化ベクトルを生成し、前記第2初期化ベクトルおよび前記第2セッション鍵を用いて前記CBCモードによる前記暗号化で第2暗号データを演算し、前記第2暗号データと前記第2初期化ベクトルとを前記第2通信を使用して送信するか否かの切り替えと、
が可能に構成される
(1)ないし(40)のいずれか1つに記載の情報処理装置。
Claims (20)
- 第1デバイスと第2デバイスとの間の第1通信と、第3デバイスと前記第2デバイスとの間の第2通信とを保護する保護部を備え、
前記保護部は、
第1セッション鍵を導出または受信し、
前記第1セッション鍵を前記第1通信の暗号化もしくは復号とメッセージ認証とに使用し、
前記第1セッション鍵によって保護された前記第1通信を使用して第2セッション鍵を受信し、
前記第2セッション鍵を前記第2通信の暗号化、復号またはメッセージ認証に使用し、
前記第2セッション鍵の使用開始から使用終了までの間の総通信回数もしくは総通信データ量は、前記第1デバイスと前記第3デバイスと間の第3通信と、前記第1通信とにおいて互いに異なる
情報処理装置。 - 前記第1通信の通信経路は、前記第3通信の通信経路よりも長く、
前記総通信回数もしくは前記総通信データ量は、前記第3通信よりも前記第1通信において少ない
請求項1に記載の情報処理装置。 - 前記保護部は、
前記第2通信を使用して、前記第2セッション鍵の使用開始タイミング指定を送信または受信し、
前記第3通信を使用して、前記使用開始タイミング指定または前記使用開始タイミング指定に関する情報を送信または受信する
請求項1に記載の情報処理装置。 - 前記保護部は、前記第2通信を使用して、前記第2通信に関連する特異メッセージを送信または受信する
請求項1に記載の情報処理装置。 - 請求項1に記載の情報処理装置。
- 前記保護部は、前記第1通信または前記第3通信において、前記第2セッション鍵とは異なる乱数を送信または受信する
請求項1に記載の情報処理装置。 - 前記保護部は、前記第1通信または前記第3通信において、前記第2セッション鍵の使用状況が確認される周期に関連する情報、または前記第2セッション鍵が更新される周期に関連する情報を送信または受信する
請求項1に記載の情報処理装置。 - 前記保護部は、前記第1通信または前記第3通信において、前記第2通信のメッセージカウンタに関連する情報を送信または受信する
請求項1に記載の情報処理装置。 - 前記保護部は、メッセージカウンタと前記メッセージカウンタに応じて変化する追加メッセージカウンタとを含み、
前記メッセージカウンタのカウント値と前記追加メッセージカウンタのカウント値とは、前記第2セッション鍵を使用する前記メッセージ認証によって保護されるメッセージの一部であり、
前記保護部は、前記第2通信において、前記メッセージカウンタのカウント値を送信または受信する
請求項1に記載の情報処理装置。 - 前記保護部は、前記第1通信または前記第3通信において、前記第2セッション鍵の使用開始を要求するメッセージを送信または受信する
請求項1に記載の情報処理装置。 - 前記保護部は、前記第1通信または前記第3通信において、前記第2セッション鍵の使用終了を要求するメッセージを送信または受信する
請求項1に記載の情報処理装置。 - 前記第2通信の前記暗号化、復号またはメッセージ認証には、MACモードを含む初期化ベクトルが用いられる
請求項1に記載の情報処理装置。 - 前記保護部は、前記第2通信において、画像データおよび前記画像データに関連する埋め込みデータの送信または受信を行い、
前記埋め込みデータは、フレーム単位毎に変化するナンス情報の一部もしくは全部を含む
請求項1に記載の情報処理装置。 - 第1デバイスと第2デバイスとの間の第1通信と、第3デバイスと前記第2デバイスとの間の第2通信とを保護する保護部を備え、
前記保護部は、
第1セッション鍵を導出または受信し、
前記第1セッション鍵を前記第1通信の暗号化もしくは復号とメッセージ認証とに使用し、
前記第1セッション鍵によって保護された前記第1通信を使用して第2セッション鍵を受信し、
前記第2セッション鍵を前記第2通信の暗号化、復号またはメッセージ認証に使用し、
前記第2セッション鍵の使用開始から使用終了までの間の総通信回数もしくは総通信データ量は、前記第1デバイスと前記第3デバイスと間の第3通信と、前記第1通信とにおいて互いに異なる
移動体装置。 - 第1デバイスと第2デバイスとの間の第1通信と、第3デバイスと前記第2デバイスとの間の第2通信とを保護する保護部を備え、
前記保護部は、
第1セッション鍵を導出または受信し、
前記第1セッション鍵を前記第1通信の暗号化もしくは復号とメッセージ認証とに使用し、
前記第1セッション鍵によって保護された前記第1通信を使用して第2セッション鍵を受信し、
前記第2セッション鍵を前記第2通信の暗号化、復号またはメッセージ認証に使用し、
前記第2セッション鍵の使用開始から使用終了までの間の総通信回数もしくは総通信データ量は、前記第1デバイスと前記第3デバイスと間の第3通信と、前記第1通信とにおいて互いに異なる
通信システム。 - 前記第2セッション鍵を前記第2通信の前記メッセージ認証に使用し、
第1メッセージ認証ポリシーおよび第2メッセージ認証ポリシーのうち何れか一方を選択した前記第2通信におけるメッセージ認証ポリシーに基づいて前記第2通信の前記メッセージ認証を検証する
請求項1に記載の情報処理装置。 - 前記保護部は、前記第1通信を介して送信または受信された情報に基づいて前記第2通信におけるメッセージ認証ポリシーを選択する
請求項1に記載の情報処理装置。 - 前記保護部は、機能レジスタを含み、前記機能レジスタに格納される情報を、前記第1通信を介して送信または受信し、
前記機能レジスタには、前記第2通信の前記メッセージ認証に対して前記保護部が保持できるデータ量上限に関連する情報が格納され、
前記保護部は、前記データ量上限を超えない範囲内のデータ群に対して前記第2通信の前記メッセージ認証を検証する
請求項1に記載の情報処理装置。 - 前記保護部は、前記第2通信を使用して、メッセージ群または拡張パケットヘッダの送信または受信を行い、
前記メッセージ群における最終メッセージまたは前記拡張パケットヘッダが、MAC演算またはCRC演算を完了できるか否かを示す情報を含む
請求項1に記載の情報処理装置。 - 前記保護部は、
第1暗号データと第1乱数で構成された第1初期化ベクトルとを前記第2通信を使用して受信し、前記第2セッション鍵および前記第1初期化ベクトルを用いてCBCモードで前記第1暗号データを前記復号するか否かの切り替えと、
第2乱数で構成された第2初期化ベクトルを生成し、前記第2初期化ベクトルおよび前記第2セッション鍵を用いて前記CBCモードによる前記暗号化で第2暗号データを演算し、前記第2暗号データと前記第2初期化ベクトルとを前記第2通信を使用して送信するか否かの切り替えと、
が可能に構成される
請求項1に記載の情報処理装置。
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2022581276A JPWO2022172698A1 (ja) | 2021-02-09 | 2022-01-17 | |
US18/037,245 US20240007295A1 (en) | 2021-02-09 | 2022-01-17 | Information processor, mobile body apparatus, and communication system |
CN202280013138.8A CN116803050A (zh) | 2021-02-09 | 2022-01-17 | 信息处理设备、移动设备及通信系统 |
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2021018760 | 2021-02-09 | ||
JP2021-018760 | 2021-02-09 | ||
JP2021-091938 | 2021-05-31 | ||
JP2021091938 | 2021-05-31 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2022172698A1 true WO2022172698A1 (ja) | 2022-08-18 |
Family
ID=82837729
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2022/001450 WO2022172698A1 (ja) | 2021-02-09 | 2022-01-17 | 情報処理装置、移動体装置、および通信システム |
Country Status (3)
Country | Link |
---|---|
US (1) | US20240007295A1 (ja) |
JP (1) | JPWO2022172698A1 (ja) |
WO (1) | WO2022172698A1 (ja) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2014182467A (ja) * | 2013-03-18 | 2014-09-29 | Dainippon Printing Co Ltd | 情報記憶媒体、データ選択処理プログラム、及びデータ選択処理方法 |
WO2016075869A1 (ja) * | 2014-11-13 | 2016-05-19 | パナソニック インテレクチュアル プロパティ コーポレーション オブ アメリカ | 鍵管理方法、車載ネットワークシステム及び鍵管理装置 |
US20180109696A1 (en) * | 2016-10-14 | 2018-04-19 | Intel Corporation | Transmission of Encrypted Image Data |
JP2018182665A (ja) * | 2017-04-20 | 2018-11-15 | 富士通株式会社 | 通信装置、通信システム及び暗号化通信制御方法 |
-
2022
- 2022-01-17 WO PCT/JP2022/001450 patent/WO2022172698A1/ja active Application Filing
- 2022-01-17 US US18/037,245 patent/US20240007295A1/en active Pending
- 2022-01-17 JP JP2022581276A patent/JPWO2022172698A1/ja active Pending
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2014182467A (ja) * | 2013-03-18 | 2014-09-29 | Dainippon Printing Co Ltd | 情報記憶媒体、データ選択処理プログラム、及びデータ選択処理方法 |
WO2016075869A1 (ja) * | 2014-11-13 | 2016-05-19 | パナソニック インテレクチュアル プロパティ コーポレーション オブ アメリカ | 鍵管理方法、車載ネットワークシステム及び鍵管理装置 |
US20180109696A1 (en) * | 2016-10-14 | 2018-04-19 | Intel Corporation | Transmission of Encrypted Image Data |
JP2018182665A (ja) * | 2017-04-20 | 2018-11-15 | 富士通株式会社 | 通信装置、通信システム及び暗号化通信制御方法 |
Also Published As
Publication number | Publication date |
---|---|
JPWO2022172698A1 (ja) | 2022-08-18 |
US20240007295A1 (en) | 2024-01-04 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11134100B2 (en) | Network device and network system | |
US9596075B2 (en) | Transparent serial encryption | |
ES2691258T3 (es) | Sistema y método para una comunicación anfitrión-esclavo segura | |
US11086810B2 (en) | Intelligent controller and sensor network bus, system and method including multi-layer platform security architecture | |
WO2017038500A1 (ja) | 中継装置 | |
US11156987B2 (en) | Intelligent controller and sensor network bus, system and method including a message retransmission mechanism | |
WO2022075081A1 (ja) | 情報処理装置、移動体装置、および通信システム | |
WO2022050057A1 (ja) | 情報処理装置、移動体装置、および通信システム | |
KR20200050384A (ko) | 동기식 데이터 네트워크들을 통한 콘텐트 보호 | |
EP3751781B1 (en) | Overhead reduction for link protection | |
US20200089645A1 (en) | Security techniques for a peripheral component interconnect (pci) express (pcie) system | |
US20230208825A1 (en) | Method and Apparatus for Managing Reception of Secure Data Packets | |
JP2017121091A (ja) | Ecu、及び車用ネットワーク装置 | |
WO2022113812A1 (ja) | 情報処理装置、移動体装置、および通信システム | |
CN114270328A (zh) | 智能控制器和传感器网络总线以及包括多层平台安全架构的系统和方法 | |
WO2022172698A1 (ja) | 情報処理装置、移動体装置、および通信システム | |
US11809163B2 (en) | Intelligent controller and sensor network bus, system and method including a message retransmission mechanism | |
CN116803050A (zh) | 信息处理设备、移动设备及通信系统 | |
JP6348150B2 (ja) | 通信システム、通信制御装置及び不正情報送信防止方法 | |
US11599649B2 (en) | Method and apparatus for managing transmission of secure data packets | |
WO2021222641A1 (en) | Intelligent controller and sensor network bus, system and method including a message retransmission mechanism | |
WO2023243433A1 (ja) | 情報処理装置、情報処理方法、プログラム、および通信システム | |
WO2023210325A1 (en) | Transmission apparatus, transmission method, reception apparatus, reception method, program, and transmission system | |
WO2023223821A1 (ja) | 送信装置、受信装置、情報処理方法、プログラム、および通信システム | |
KR101081773B1 (ko) | 이더넷 lan에서 프레임 보안을 위한 물리 계층 데이터 보안 장치 및 방법 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 22752530 Country of ref document: EP Kind code of ref document: A1 |
|
WWE | Wipo information: entry into national phase |
Ref document number: 18037245 Country of ref document: US |
|
ENP | Entry into the national phase |
Ref document number: 2022581276 Country of ref document: JP Kind code of ref document: A |
|
WWE | Wipo information: entry into national phase |
Ref document number: 202280013138.8 Country of ref document: CN |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 22752530 Country of ref document: EP Kind code of ref document: A1 |