WO2026022977A1 - Data handling apparatus, data handling method and non-transitory computer-readable medium - Google Patents
- Publication number
- WO2026022977A1 (PCT/JP2024/026491)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- node
- parent
- verification
- stored
- data
- Prior art date
- Legal status
- Pending
Classifications
- G—PHYSICS > G06—COMPUTING OR CALCULATING; COUNTING > G06F—ELECTRIC DIGITAL DATA PROCESSING > G06F12/00—Accessing, addressing or allocating within memory systems or architectures > G06F12/14—Protection against unauthorised use of memory or access to memory > G06F12/1458—Protection against unauthorised use of memory or access to memory by checking the subject access rights > G06F12/1466—Key-lock mechanism
- G—PHYSICS > G06—COMPUTING OR CALCULATING; COUNTING > G06F—ELECTRIC DIGITAL DATA PROCESSING > G06F12/00—Accessing, addressing or allocating within memory systems or architectures > G06F12/02—Addressing or allocation; Relocation > G06F12/08—Addressing or allocation; Relocation in hierarchically structured memory systems, e.g. virtual memory systems > G06F12/0802—Addressing of a memory level in which the access to the desired data or data block requires associative addressing means, e.g. caches > G06F12/0875—Addressing of a memory level in which the access to the desired data or data block requires associative addressing means, e.g. caches with dedicated cache, e.g. instruction or stack
- G—PHYSICS > G06—COMPUTING OR CALCULATING; COUNTING > G06F—ELECTRIC DIGITAL DATA PROCESSING > G06F12/00—Accessing, addressing or allocating within memory systems or architectures > G06F12/14—Protection against unauthorised use of memory or access to memory > G06F12/1416—Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights > G06F12/1425—the protection being physical, e.g. cell, word, block > G06F12/1441—the protection being physical, e.g. cell, word, block for a range
- G—PHYSICS > G06—COMPUTING OR CALCULATING; COUNTING > G06F—ELECTRIC DIGITAL DATA PROCESSING > G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F21/60—Protecting data > G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
- H—ELECTRICITY > H04—ELECTRIC COMMUNICATION TECHNIQUE > H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > H04L63/00—Network architectures or network communication protocols for network security > H04L63/12—Applying verification of the received information
- G—PHYSICS > G06—COMPUTING OR CALCULATING; COUNTING > G06F—ELECTRIC DIGITAL DATA PROCESSING > G06F2212/00—Indexing scheme relating to accessing, addressing or allocation within memory systems or architectures > G06F2212/10—Providing a specific technical effect > G06F2212/1016—Performance improvement
- G—PHYSICS > G06—COMPUTING OR CALCULATING; COUNTING > G06F—ELECTRIC DIGITAL DATA PROCESSING > G06F2212/00—Indexing scheme relating to accessing, addressing or allocation within memory systems or architectures > G06F2212/10—Providing a specific technical effect > G06F2212/1052—Security improvement
Definitions
- the present disclosure generally relates to a data handling apparatus, a data handling method, and a non-transitory computer-readable medium.
- Memory data is required to be protected and secured.
- memory banks, which store memory data, are considered unsecured and could be tampered with to modify the memory data within.
- PTL1 discloses a general electronic processing system that achieves authenticated memory encryption.
- PTL1 does not concretely describe a method for efficiently processing intermediary data necessary to verify the memory data.
- An objective of the present disclosure is to provide a novel technique to improve the performance of the verification of the memory data.
- the present disclosure provides a data handling apparatus that comprises at least one logic circuit that is configured to: acquire an identifier of a target nonce that is stored in a leaf node of a tree, wherein the tree includes: a root node storing a nonce; a plurality of intermediary nodes storing a nonce and a tag; and a plurality of the leaf nodes storing a nonce and a tag, and wherein the tag stored in a node is computed using the nonce that is valid and stored in a parent of the node and the nonce stored in the node; generate chain data for a target node that is the node storing the target nonce and add the chain data to verification information, wherein the chain data represents the progress of a verification chain process for the target node and of one or more verification chain processes for ancestors of the target node, wherein the verification chain process can be performed concurrently for a plurality of target nodes, and wherein the verification information includes the chain data for each target node.
- the present disclosure further provides a data handling method that is performed by a computer and comprises: acquiring an identifier of a target nonce that is stored in a leaf node of a tree, wherein the tree includes: a root node storing a nonce; a plurality of intermediary nodes storing a nonce and a tag; and a plurality of the leaf nodes storing a nonce and a tag, and wherein the tag stored in a node is computed using the nonce that is valid and stored in a parent of the node and the nonce stored in the node; generating chain data for a target node that is the node storing the target nonce and adding the chain data to verification information, wherein the chain data represents the progress of a verification chain process for the target node and of one or more verification chain processes for ancestors of the target node, wherein the verification chain process can be performed concurrently for a plurality of target nodes, and wherein the verification information includes the chain data for each target node.
- the present disclosure further provides a non-transitory computer readable medium storing a program.
- the program causes a computer to execute: acquiring an identifier of a target nonce that is stored in a leaf node of a tree, wherein the tree includes: a root node storing a nonce; a plurality of intermediary nodes storing a nonce and a tag; and a plurality of the leaf nodes storing a nonce and a tag, and wherein the tag stored in a node is computed using the nonce that is valid and stored in a parent of the node and the nonce stored in the node; generating chain data for a target node that is the node storing the target nonce and adding the chain data to verification information, wherein the chain data represents the progress of a verification chain process for the target node and of one or more verification chain processes for ancestors of the target node, wherein the verification chain process can be performed concurrently for a plurality of target nodes, and wherein the verification information includes the chain data for each target node.
- Fig. 1 illustrates data structures that are handled by a data handling apparatus and used for memory authentication.
- Fig. 2 illustrates an overview of the data handling apparatus.
- Fig. 3 illustrates an example structure of the verification information.
- Fig. 4 is a block diagram showing an example of the functional configuration of the data handling apparatus.
- Fig. 5 is a block diagram illustrating an example of the hardware configuration of a computer that realizes the data handling apparatus.
- Fig. 6 is a flowchart illustrating an example of an overall flow of processes performed by the data handling apparatus.
- Fig. 7 is a flowchart illustrating an example flow of verification chain process.
- Fig. 8 illustrates an example of the more detailed structure of the head data and the state data.
- Fig. 9 illustrates an example of the storage area preassigned to the verification information.
- Fig. 10 is an example flow of the verification process.
- Fig. 11 is a flowchart illustrating an example of an overall flow of processes performed by the data handling apparatus.
- Fig. 12 shows a flowchart illustrating an example flow of verification chain process.
- Fig. 13 shows a flowchart illustrating an example flow of verification chain process.
- a storage unit may be implemented with one or more storage devices, such as hard disks, solid-state drives (SSDs), or random-access memories (RAMs).
- Fig. 1 illustrates data structures that are handled by a data handling apparatus and used for memory authentication.
- a computer memory 10 is divided into multiple memory locations 12, each of which can store memory data 20.
- the computer memory 10 is a storage medium storing temporary data, such as a random access memory (RAM).
- the memory location 12 can be identified by an identifier assigned thereto, such as an address.
- the memory location 12 in which the memory data 20 is stored is associated with an authentication tag 30.
- the authentication tag 30 is generated using the corresponding memory data 20.
- a hash function or other types of rules may be used to compute the authentication tag 30 from the corresponding memory data 20.
- the authentication tag 30 is a hash value that is computed by applying the corresponding memory data 20 to the hash function.
- nonces 40 (arbitrary numbers used once) are used in conjunction with the memory data 20.
- Each memory location 12 is also associated with the nonce 40.
- the nonce 40 corresponding to the memory location 12 is updated when the memory data 20 in the memory location 12 changes.
- the nonce 40 may be an integer that increments with each update to the corresponding memory location 12.
- a nonce can also be referred to as a counter.
- the nonces 40 are managed using a hierarchical data structure, such as a tree.
- the tree 50 includes a root node 52, intermediary nodes 54, and leaf nodes 56.
- the root node 52 is the node located at the highest level of the tree 50. Unless otherwise stated, the level of the tree 50 at which the root node is located is referred to as level zero.
- the nonce 40 stored in the root node 52 is referred to as a root nonce.
- the root node 52 is stored in a RoT (root of trust) storage device 70, which is inherently trusted and secure by design, and thus can be treated as an RoT.
- the RoT storage device 70 may be, for example, a tamper-resistant storage. The integrity of the root nonce is assured since the root node 52 is stored in the RoT storage device 70.
- the intermediary nodes 54 are nodes located between the root node 52 and the leaf nodes 56, and therefore have both a parent and one or more children.
- the intermediary node 54 includes a pair of the nonce tag 60 and the nonce 40.
- the leaf nodes 56 are nodes having no children, and are associated with an authentication tag 30 and one or more memory locations 12.
- the leaf node 56 also includes a pair of the nonce tag 60 and the nonce 40.
- the nodes other than the root node 52 are stored in a storage device 80, which is not treated as an RoT.
- the storage device 80 may be the computer memory 10 or another storage device, such as a RAM, a memory card, a hard disk, etc.
- the nonce tag 60 stored in a particular node is computed using the nonce 40 stored in the parent of that particular node.
- the nonce 40 stored in a node is treated as the data D and the nonce 40 stored in the parent of that node is treated as the nonce N; the result T of the function F(D, N) is then stored in that node as its nonce tag 60.
- the authentication tag 30 is computed using the memory data 20 stored in the corresponding memory location 12 and the nonce 40 stored in the corresponding leaf node 56.
- T is computed as the authentication tag 30 by applying the memory data 20 stored in the corresponding memory location 12 as the data D and the nonce 40 stored in the corresponding leaf node 56 as the nonce N to the function F(D, N). It is noted that the function or rule used to compute the authentication tag 30 can be different from that used to compute the nonce tag 60.
- two or more trees 50 can be used.
- the computer memory 10 is divided into two or more sections, and the tree 50 is generated for each section.
- two or more pieces of computer memory 10 are used, and the tree 50 is generated for each computer memory 10.
- when the memory data 20 is being read, a system, referred to as a verification system, performs memory authentication on the memory data 20.
- the memory authentication on the memory data 20 requires the nonce 40 stored in the leaf node 56 corresponding to that memory data 20, hereinafter, referred to as a target nonce.
- the verification system sends the request for the target nonce.
- Fig. 2 illustrates an overview of a data handling apparatus 2000. It is noted that Fig. 2 does not limit the operations of the data handling apparatus 2000, but merely shows an example of its possible operations.
- the data handling apparatus 2000 acquires the identifier of the target nonce. Then, the data handling apparatus 2000 verifies the node in which the target nonce is stored (hereinafter, referred to as a target node) and outputs result data, which represents the result of the verification of the target node.
- the result data is the target nonce when the target node is determined to be valid, whereas the result data is an error notification (e.g., a specific error code) when the target node is determined to be invalid.
- the verification of a node means the verification of the nonce stored in that node.
- the verification of the target node requires the verification of the parent of the target node since the nonce 40 stored in the parent is required to verify the target node.
- this set of verifications required for the verification of the target node is called a verification chain for the target node.
- the data handling apparatus 2000 is configured to handle a verification chain for the target node more efficiently than simply verifying all the parents of the target node. It is assumed that the data handling apparatus 2000 is configured to be capable of concurrently handling two or more verification chains. When two or more target nodes share common ancestor nodes, the verifications of those ancestors would be performed redundantly. These redundant executions of verifications waste the computer resources and the computation time.
- the data handling apparatus 2000 manages the progress of the verification chains using state information, which indicates the current progress for each verification chain, thereby reducing redundancy in verifications of nodes.
- Fig. 3 illustrates an example structure of the verification information 100.
- the verification information 100 includes a chain data 120 for each verification chain and a root data 130.
- the root data 130 includes the root nonce.
- the root nonce may be put into the root data 130 in advance or the first time the root nonce is required to verify a node. It is noted that the verification information 100 may include two or more root data 130 when two or more trees 50 are used.
- the chain data 120 indicates the current progress of the verification chain corresponding thereto.
- the chain data 120 includes a head data 140 and one or more pieces of state data 150.
- the head data 140 indicates the identifier of the corresponding verification chain.
- the identifier of the verification chain may be the identifier of the target nonce for which this verification chain is being performed.
- the state data 150 is associated with a node, and indicates the current progress of the verification of the corresponding node.
- the state data 150 is linked with other state data 150 to represent a chain of verifications. Specifically, the state data 150 of a particular node may be linked to the state data 150 of the parent of that particular node.
- after acquiring the identifier of the target nonce, the data handling apparatus 2000 generates the chain data 120 for the target node and adds it to the verification information 100.
- This chain data 120 includes the head data 140 and the state data 150 of the target node that are linked with each other.
- the data handling apparatus 2000 performs verification chain process for the target node to perform verification chain for the target node.
- in the verification chain process for the target node, the verification chain process is recursively performed for the ancestors of the target node if necessary.
- the verification chain process for a node includes: recursively executing the verification chain process for the parent of the node if necessary; acquiring the node from the storage device 80; and verifying the node using the nonce 40 stored in the parent.
- the verification chain process for the parent is not necessary when this verification chain process has already been initiated as a part of another verification chain.
- to decide whether it is necessary, the data handling apparatus 2000 determines whether the verification information 100 includes the state data 150 of the parent.
- if it does, the data handling apparatus 2000 does not perform the verification chain process for the parent, since the verification chain process for the parent has already been initiated. This means that the recursive execution of the verification chain process stops at this point.
- otherwise, the data handling apparatus 2000 performs the verification chain process for the parent.
- the node is verified after the verification chain process for its parent finishes.
- the node is verified as invalid when its parent is verified as invalid.
- after the verification chain for the target node terminates, the data handling apparatus 2000 outputs the result data.
- the current progress of each verification chain is managed using the verification information, and the verification chain process for the parent is not performed when this verification chain process has already been initiated. Due to this mechanism, the number of executions of the verification chain processes is reduced. Thus, according to the data handling apparatus 2000, the consumption of computer resources and the time required for acquiring the valid target node are reduced.
- Fig. 4 is a block diagram showing an example of the functional configuration of the data handling apparatus 2000.
- the data handling apparatus 2000 includes an acquiring unit 2020, a verifying unit 2040, and an output unit 2060.
- the acquiring unit 2020 acquires the identifier (e.g., address) of the target node.
- the verifying unit 2040 performs verification chain for the target node. Specifically, the verifying unit 2040 performs verification chain process for the target node. In the verification chain process for the target node, verification chain process is recursively performed for the ancestors of the target node if necessary.
- the verification chain process for a node determines whether the verification chain process for the parent has already been initiated, by referring to the verification information 100.
- the verifying unit 2040 performs verification chain process for the parent when the verification information 100 indicates that the verification chain process for the parent has not been initiated.
- the verification chain process for the parent is also not performed when the parent is the root node 52. Since the root node 52 is stored in the RoT storage device 70, the validity of the root node 52 is assured without verification.
- the output unit 2060 outputs the result data that indicates the result of the verification of the target node. For example, the target node is set to the result data when the target node is verified as valid while the error notification is set to the result data when the target node is verified as invalid.
- the data handling apparatus 2000 may be realized by a special-purpose computer manufactured for implementing the data handling apparatus 2000, or may be a general-purpose computer.
- this computer is a semiconductor device that includes a field-programmable gate array (FPGA), an application-specific integrated circuit (ASIC), or a microprocessor unit (MPU).
- the computer is configured to execute a program (e.g., firmware) implementing the functional units of the data handling apparatus 2000.
- the program causes the computer to function as the data handling apparatus 2000.
- This program may be deployed in various ways.
- the program is deployed by deploying a storage medium (such as a DVD (digital versatile disc) or a USB (Universal Serial Bus) memory) in which the program is stored in advance.
- the program can be downloaded from a server machine that manages a storage medium in which the program is stored in advance.
- Fig. 5 is a block diagram illustrating an example of the hardware configuration of a computer 1000 that realizes the data handling apparatus 2000.
- the computer 1000 includes a bus 1020, a processor 1040, a primary storage 1060, a secondary storage 1080, a first interface 1100, and a second interface 1120.
- the bus 1020 is a data transmission channel in order for the processor 1040, the primary storage 1060, the secondary storage 1080, the first interface 1100, and the second interface 1120 to mutually transmit and receive data.
- the processor 1040 is a processor, such as an FPGA, an ASIC or an MPU, that is configured to execute the instructions included in the above-mentioned program.
- the primary storage 1060 is a primary memory component, such as a RAM, on which the program to be executed by the processor 1040 is loaded from the secondary storage 1080.
- the verification information 100 and other temporary data may also be stored in the primary storage 1060.
- the secondary storage 1080 is a secondary memory component, such as a read only memory (ROM) or a RAM, in which the program is stored in advance.
- the first interface 1100 is an interface between the computer 1000 and a device (e.g., a processor such as a central processing unit (CPU)) that accesses the computer memory 10 to acquire the memory data 20.
- the second interface 1120 is an interface between the computer 1000 and the computer memory 10.
- the functions of the data handling apparatus 2000 may be implemented as a hardwired program instead of a software program.
- in that case, the functions of the data handling apparatus 2000 are embedded into hardware components such as logic circuits.
- the collection of the logic circuits that implements the data handling apparatus 2000 is included in a semiconductor device, such as an ASIC or an FPGA.
- Fig. 6 is a flowchart illustrating an example of an overall flow of processes performed by the data handling apparatus 2000.
- the acquiring unit 2020 acquires the identifier of the target nonce (S102).
- the verifying unit 2040 generates the chain data 120 for the target node and adds it to the verification information 100 (S104).
- the verifying unit 2040 performs the verification chain process for the target node (S106).
- the output unit 2060 outputs the result data (S108).
- Fig. 7 is a flowchart illustrating an example flow of verification chain process.
- the node currently undergoing the verification chain process is denoted by Nc.
- the parent of the node Nc is denoted by Np.
- the verifying unit 2040 determines whether the parent Np is the root node (S202). When the parent Np is the root node (S202: YES), the verifying unit 2040 links the state data 150 of the node Nc to the root data 130 (S204).
- the verifying unit 2040 determines whether the verification information 100 includes the state data 150 of the parent Np (S206). When the verification information 100 includes the state data 150 of the parent Np (S206: YES), the verifying unit 2040 links the state data 150 of the node Nc to the state data 150 of the parent Np (S208).
- when the verification information 100 does not include the state data 150 of the parent Np (S206: NO), the verifying unit 2040 generates the state data 150 of the parent Np (S210) and links the state data 150 of the node Nc to the state data 150 of the parent Np (S212).
- the verifying unit 2040 performs verification chain process for the parent Np (S214). It is preferable that the verification chain process for the parent Np is concurrently performed with the verification chain process for the node Nc. In this case, the verification chain process for the node Nc continues without waiting until the verification chain process for the parent Np finishes.
- the verifying unit 2040 acquires the node Nc from the storage device 80 (S216) and verifies it (S218). It is noted that, as described in detail later, the verification of the node Nc (S218) is performed after the parent Np is verified, since the parent Np is required to verify the node Nc.
- the verification information 100 includes the chain data 120 for each verification chain.
- the chain data 120 includes the head data 140 identifying the verification chain and the state data 150 indicating the current progress of the verification of the corresponding node.
- Fig. 8 illustrates an example of the more detailed structure of the head data 140 and the state data 150.
- the head data 140 includes an identifier 142 and a link 144.
- the identifier 142 includes the identifier of the corresponding verification chain. Specifically, the identifier 142 may indicate the identifier of the target node for which the corresponding verification chain is being performed.
- the link 144 indicates a link to the state data 150 of the target node.
- the state data 150 includes a node identifier 151, a node 152, a verification flag 153, a valid flag 154, a number of children 155, a level 156, and a link 157.
- the node identifier 151 indicates the identifier of the corresponding node.
- the node 152 includes the content of the corresponding node, including the nonce tag 60 and the nonce 40.
- the verification flag 153 indicates whether the corresponding node has been verified.
- the valid flag 154 indicates whether the corresponding node is valid.
- the number of children 155 indicates the number of the state data 150 of the children of the corresponding node.
- the level 156 indicates the level within the tree 50 at which the corresponding node is located. It is noted that the state data 150 need not include the level 156 when a specific set of storage areas, e.g., a set of registers, is preassigned to each level of the tree 50, as exemplified later.
- the link 157 indicates a link to another state data 150 or to the root data 130.
- Fig. 9 illustrates an example of the storage area preassigned to the verification information 100.
- the storage area 200 includes a sub area 210 for each head data 140, a sub area 220 for each state data 150, and a sub area 230 for the root data 130.
- Each sub area may be realized by a certain type of storage device, such as a register.
- These storage devices may be installed in the computer, such as a semiconductor device, with which the data handling apparatus 2000 is implemented.
- the storage area 200 is configured to include M sub areas 210 so that the verification information 100 can contain a maximum of M chain data 120 (M is an integer larger than one).
- the storage area 200 is configured to include M x K sub areas 220 so that each chain data 120 can contain a maximum of K state data 150 (K is an integer larger than one).
- Each sub area 220 is preassigned to a specific level of the tree. Specifically, the sub area 220 in the i-th column is preassigned to the i-th level of the tree 50, with the root node 52 being at level zero.
- the state data 150 does not need to include the level 156 when each sub area 220 is preassigned to a specific level of the tree 50. It is because the position of the sub area 220 in which the state data 150 is stored implicitly represents the level of the tree 50 at which the node corresponding to the state data 150 is located.
- the link to the state data 150 can be indicated by a pair of the row number and the column number that represents the position of the sub area 220 in which this state data 150 is stored.
- each sub area 220 is assigned a row number and a column number.
- the sub areas 220 are arranged in a table form.
- the acquiring unit 2020 acquires the identifier of the target nonce (S102). There are various ways to acquire the identifier of the target nonce. For example, the acquiring unit 2020 receives, through the first interface 1100, the identifier of the target nonce that is sent from the device (e.g., a processor) that is requesting the valid target nonce. In another example, the identifier of the target nonce is stored at a specific storage device. In this case, the acquiring unit 2020 acquires the identifier of the target nonce from this storage device.
- the verifying unit 2040 generates the chain data 120 for the target node (S104). Specifically, the verifying unit 2040 generates the head data 140 and the state data 150 for the target node and link them with each other, thereby generating the chain data 120 for the target node storing those head data 140 and state data 150.
- the identifier 142 is set to the identifier of the target node in which the target nonce is stored.
- the link 144 is set to the state data 150 of the target node.
- the verifying unit 2040 selects one of available sub areas 210, and stores the head data 140 into the selected sub area 210.
- the verifying unit 2040 selects one of available sub areas 220 from the column corresponding to the level of the tree 50 at which the target node is located, and stores the state data 150 of the target node into the selected sub area 220.
- the verifying unit 2040 performs the verification chain process for the target node (S106).
- the overall flow of the verification chain process has been already exemplified with referring to Fig. 7.
- the verification chain process depicted by Fig. 7 is further explained in more detail for the case where the storage area 200 is employed to store the verification information 100.
- Step S202: the verifying unit 2040 determines whether the parent Np is the root node 52. To perform this determination, the verifying unit 2040 determines the identifier of the parent Np. There may be various ways to determine the identifier of the parent Np. For example, when the address of a node is used as its identifier, the addresses are assigned to the tree 50 in such a manner that the position of each node can be converted into the address of the node.
- Step S206: the verifying unit 2040 determines whether the verification information 100 includes the state data 150 of the parent Np. Specifically, for each state data 150 stored in the sub areas 220 of the column corresponding to the level in the tree 50 at which the parent Np is located, the verifying unit 2040 checks whether its node identifier 151 indicates the identifier of the parent Np. Suppose that the node Nc is located at level j in the tree 50. In this case, the verifying unit 2040 refers to the sub areas 220 in the (j-1)-th column.
- when the verifying unit 2040 finds a node identifier 151 indicating the identifier of the parent Np, it determines that the verification information 100 includes the state data 150 of the parent Np. On the other hand, when the verifying unit 2040 does not find a node identifier 151 indicating the identifier of the parent Np, it determines that the verification information 100 does not include the state data 150 of the parent Np.
- Step S208: the verifying unit 2040 links the state data 150 of the node Nc to the state data 150 of the parent Np. Specifically, the verifying unit 2040 sets the link 157 of the state data 150 of the node Nc to the position of the sub area 220 in which the state data 150 of the parent Np is stored. In addition, the verifying unit 2040 increments the number of children 155 of the state data 150 of the parent Np. Step S212 is performed in the same manner as Step S208.
- Step S210: the verifying unit 2040 generates the state data 150 of the parent Np.
- the verifying unit 2040 selects one of the available sub areas 220 from the column corresponding to the level at which the parent Np is located to store the state data 150 of the parent Np into this sub area 220.
- the state data 150 may include the node identifier 151, the node 152, the verification flag 153, the valid flag 154, the number of children 155, and the link 157.
- the verifying unit 2040 sets the node identifier 151 of the parent Np to the identifier of the parent Np, the verification flag 153 of the parent Np to false, and the number of children 155 of the parent Np to one.
- the verifying unit 2040 may set, to the node 152, a predefined value that represents the fact that the target node has not been acquired yet.
- the verifying unit 2040 may set an arbitrary value to the valid flag 154, since the valid flag 154 has no meaning when the verification flag 153 indicates false.
- In Step S216, the verifying unit 2040 acquires the node Nc from the storage device 80.
- the verifying unit 2040 stores the node Nc acquired from the storage device 80 into the node 152 of the state data 150 of the node Nc.
- In Step S218, the verifying unit 2040 verifies the node Nc.
- the verifying unit 2040 performs a specific process, referred to as verification process, to verify the node Nc.
- Fig. 10 is an example flow of the verification process.
- In Step S302, the verifying unit 2040 repeatedly checks whether the verification flag 153 of the state data 150 of the parent Np indicates true. When this verification flag 153 indicates true, the verification process for the node Nc proceeds to Step S304.
- the verifying unit 2040 determines whether the parent Np is valid (S304). Specifically, the verifying unit 2040 checks the valid flag 154 of the state data 150 of the parent Np. The parent Np is valid when this valid flag 154 indicates true while the parent Np is invalid when this valid flag 154 indicates false.
- the verifying unit 2040 sets the valid flag 154 of the node Nc to false (S312).
- the verifying unit 2040 verifies the node Nc. Specifically, the verifying unit 2040 computes a current tag using the nonce 40 stored in the parent Np and the nonce 40 stored in the node Nc (S306), and determines whether this tag matches the nonce tag 60 stored in the node Nc (S308). It is noted that the nonce 40 stored in the parent Np can be acquired from the node 152 of the state data 150 of the parent Np that is linked from the state data 150 of the node Nc. It is also noted that the verification performed in Steps S306 and S308 may be delegated to an apparatus other than the data handling apparatus 2000.
- the verifying unit 2040 sets the valid flag 154 of the state data 150 of the node Nc to true (S310), in order to represent that the node Nc is valid.
- the verifying unit 2040 sets the valid flag 154 to false (S312), in order to represent that the node Nc is invalid.
- the verifying unit 2040 sets the verification flag 153 of the node Nc to true, in order to represent that the node Nc is verified (S312).
- verification processes may be managed by a scheduler, referred to as a verification scheduler, to sequentially execute the verification processes.
- the verification scheduler is configured to perform verification process for a node Nc after the parent Np is verified.
- the verification process does not need to include Step S302. In other words, the verification process does not need to be suspended until the verification of the parent finishes.
- the verifying unit 2040 registers the node Nc in a verification list, which is a list of the nodes for which verification process is to be performed.
- the verification scheduler may be configured to repeatedly check the verification list, select one of the nodes from the verification list, and perform the verification process for the selected node.
- Various scheduling algorithms, such as first in first out (FIFO), can be employed under the constraint that a node is selected from the verification list only after the parent of the node is verified.
- the verifying unit 2040 may delete the chain data 120 for the target node after the verification of that target node finishes. Specifically, the verifying unit 2040 deletes the chain data 120 by releasing the sub area 210 in which the head data 140 of that chain data 120 is stored and the sub areas 220 in which the state data 150 of that chain data 120 are stored, thereby making this sub area 210 and these sub areas 220 available for a future verification chain.
- the sub area 210 may be released by writing into it a predefined value representing that the sub area 210 is not used.
- this predefined value is written into the partial area of the sub area 210 that is preassigned to the identifier 142.
- the sub area 220 may be released by writing into it a predefined value representing that the sub area 220 is not used.
- this predefined value is written into the partial area of the sub area 220 that is preassigned to the node identifier 151.
- the verifying unit 2040 can delete the chain data 120 at an arbitrary time after the verification of the target node finishes. For example, the verifying unit 2040 may delete the chain data 120 after Step S218 (verification of the node Nc) when the node Nc is the target node. In another example, the verifying unit 2040 may delete the chain data 120 after outputting the result data.
- the verifying unit 2040 does not delete the state data 150 whose number of children 155 is larger than one, nor its ancestors, since those state data 150 are shared with other chain data 120.
- the data handling apparatus 2000 of the second example embodiment is configured to store the node, which is acquired from the storage device 80 and verified as valid, into a cache storage for future use. This assures that the nodes stored in the cache storage are valid.
- When the data handling apparatus 2000 is required to verify a node, the data handling apparatus 2000 first tries to acquire this node from the cache storage, and treats the node as valid without executing the verification chain process for it when the node is acquired from the cache storage. When the node is not stored in the cache storage, the data handling apparatus 2000 acquires this node from the storage device 80 and verifies it.
- Fig. 11 is a flowchart illustrating an example of an overall flow of processes performed by the data handling apparatus 2000.
- the flow depicted by Fig. 11 is different from that depicted by Fig. 6 in that it has Step S402 between Steps S102 and S104.
- In Step S402, the verifying unit 2040 determines whether the target node is stored in the cache storage.
- the data handling apparatus 2000 can acquire the target node that has been verified as valid from the cache storage, without performing the verification chain process for the target node.
- the output unit 2060 outputs the target node acquired from the cache storage as the result data when the target node is stored in the cache storage (S402: YES).
- the data handling apparatus 2000 has to acquire the target node from the storage device 80 and verify it.
- the verifying unit 2040 performs Steps S104 to S108.
- the verifying unit 2040 also tries to acquire the node from the cache storage in the chain verification process.
- When the node is acquired from the cache storage, the node is treated as valid without performing the verification process for that node. Since there is no need to verify that node, there is also no need to perform the verification chain process for the parent of that node.
- the verification chain process performed by the verifying unit 2040 of the second example embodiment is exemplified.
- Fig. 12 and Fig. 13 show a flowchart illustrating an example flow of verification chain process.
- the flow depicted by Fig. 12 and Fig. 13 is different from that depicted by Fig. 7 in that it has Steps S502 to S512 instead of Steps S210 to S214.
- the processes depicted by Fig. 13 are performed before performing Step S216. Specifically, the verifying unit 2040 determines whether the parent Np is stored in the cache storage (S502). When the parent Np is stored in the cache storage (S502: YES), the verifying unit 2040 generates the state data 150 of the parent Np (S504). Since the parent Np is acquired from the cache storage, the state data 150 of the parent Np is generated to indicate that the parent Np has already been verified as valid in Step S504. Specifically, the verifying unit 2040 sets both the verification flag 153 and the valid flag 154 to true.
- After Step S504, the verifying unit 2040 links the state data 150 of the parent Np to the state data 150 of the node Nc (S506). Then, the verification chain process for the node Nc proceeds to Step S216, which is depicted by Fig. 12.
- When it is determined in Step S502 that the parent Np is not stored in the cache storage (S502: NO), the verifying unit 2040 generates the state data 150 of the parent Np in the same manner as in Step S210 (S508). In this case, the verification flag 153 is set to false to indicate that the parent Np is unverified. Then, the verifying unit 2040 links the state data 150 of the node Nc to the state data 150 of the parent Np (S510). Further, the verifying unit 2040 performs the verification chain process for the parent Np (S512). The verification chain process for the node Nc then proceeds to Step S216, which is depicted by Fig. 12.
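The verification chain (Steps S202 to S218 together with the verification process of Fig. 10), the verification scheduler, the release of chain data, and the cache-backed variant of Fig. 11 to Fig. 13 described above can be seen working together in the following added example. It is not code from the patent. It is a constructed Python model in which the tag is computed as HMAC-SHA256 of the child's nonce keyed with the parent's nonce (the page fixes no particular tag function), the root nonce is taken as trusted, the storage device, tree shape, nonces and identifiers are made up, and the decrement of a shared state data's number of children on release is an assumption added so that the last chain through it can free it.

```python
import hmac
import hashlib
from dataclasses import dataclass
from typing import Optional

ROOT = "root"  # identifier of the root node 52; its nonce is trusted and carries no tag

def compute_tag(parent_nonce: bytes, node_nonce: bytes) -> bytes:
    # The page only says the tag is computed from both nonces; HMAC-SHA256 is our choice.
    return hmac.new(parent_nonce, node_nonce, hashlib.sha256).digest()

def build_tree(shape: dict) -> dict:  # constructed storage device 80: identifier -> node
    tree = {ROOT: {"parent": None, "level": 0, "nonce": b"root-nonce", "tag": None}}
    for child, parent in shape.items():  # `shape` maps child -> parent, parents listed first
        p, nonce = tree[parent], hashlib.sha256(child.encode()).digest()[:8]
        tree[child] = {"parent": parent, "level": p["level"] + 1, "nonce": nonce,
                       "tag": compute_tag(p["nonce"], nonce)}
    return tree

@dataclass
class StateData:  # state data 150
    node_identifier: str              # 151
    node: Optional[dict] = None       # 152: None until acquired from the storage device
    verification_flag: bool = False   # 153
    valid_flag: bool = False          # 154: meaningless while 153 is False
    number_of_children: int = 1       # 155: how many chains share this state data
    link: Optional[str] = None        # 157: identifier of the parent's state data

class Verifier:
    def __init__(self, storage: dict):
        self.storage, self.columns = storage, {}  # columns: level -> {identifier: StateData}
        self.cache, self.verification_list = {}, []  # cache storage; scheduler's work list
    def state(self, ident):  # S206: search the column of the node's level (sub areas 220)
        return self.columns.get(self.storage[ident]["level"], {}).get(ident)
    def new_state(self, ident, **flags):
        sd = StateData(ident, **flags)
        self.columns.setdefault(self.storage[ident]["level"], {})[ident] = sd
    def attach(self, sd, parent, **flags):  # link sd to the parent's state data
        ps = self.state(parent)
        if ps is None:
            self.new_state(parent, **flags)        # S210 / S504 / S508
        else:
            ps.number_of_children += 1             # S208: the state data is now shared
        sd.link = parent                           # S208 / S212 / S506 / S510
        return ps is None                          # True when the parent was newly created
    def verification_chain(self, nc):  # Fig. 7 with the cache steps of Fig. 12 and Fig. 13
        sd, parent = self.state(nc), self.storage[nc]["parent"]
        if parent == ROOT:                           # S202: the root nonce is trusted
            self.attach(sd, ROOT, node=self.storage[ROOT], verification_flag=True, valid_flag=True)
        elif parent in self.cache:                   # S502: YES -> S504, S506
            self.attach(sd, parent, node=self.cache[parent], verification_flag=True, valid_flag=True)
        elif self.attach(sd, parent):                # S508, S510; S512 only when newly created
            self.verification_chain(parent)
        sd.node = self.storage[nc]                   # S216: acquire Nc from the storage device
        self.verification_list.append(nc)            # S218 is left to the scheduler
    def run_scheduler(self):  # FIFO, but a node is selected only once its parent is verified
        while self.verification_list:
            nc = next(i for i in self.verification_list
                      if self.state(self.state(i).link).verification_flag)
            self.verification_list.remove(nc)
            self.verification_process(nc)
    def verification_process(self, nc):  # Fig. 10; S302 is unnecessary with this scheduler
        sd, ps = self.state(nc), self.state(self.state(nc).link)
        if ps.valid_flag:                                              # S304
            tag = compute_tag(ps.node["nonce"], sd.node["nonce"])       # S306
            sd.valid_flag = hmac.compare_digest(tag, sd.node["tag"])   # S308 -> S310 / S312
        else:
            sd.valid_flag = False                                      # S312: parent invalid
        sd.verification_flag = True
        if sd.valid_flag:
            self.cache[nc] = sd.node  # second embodiment: only nodes verified as valid are cached
    def delete_chain_data(self, ident):
        # Release sub areas up the chain; a state shared by another chain (children > 1) and its
        # ancestors stay. Decrementing that counter so the last chain frees it is our assumption.
        while ident is not None:
            sd = self.state(ident)
            if sd.number_of_children > 1:
                sd.number_of_children -= 1
                return
            self.columns[self.storage[ident]["level"]].pop(ident)
            ident = sd.link
    def verify_target(self, target):  # Fig. 11; returns (valid, served_from_cache)
        if target in self.cache:                 # S402: YES, no verification chain needed
            return True, True
        self.new_state(target)                   # S104: chain data for the target node
        self.verification_chain(target)          # S106
        self.run_scheduler()
        valid = self.state(target).valid_flag    # S108: result data
        self.delete_chain_data(target)
        return valid, False

def demo():  # constructed scenario: root -> {A, B}, A -> {A0, A1}, B -> {B0}
    v = Verifier(build_tree({"A": ROOT, "B": ROOT, "A0": "A", "A1": "A", "B0": "B"}))
    out = {"A0": v.verify_target("A0")}           # full chain A0 -> A -> root
    out["A1"] = v.verify_target("A1")             # A comes from the cache: no chain for A
    out["A0_again"] = v.verify_target("A0")       # cache hit on the target itself
    v.storage["B"]["nonce"] = b"altered"          # B no longer matches its own tag
    out["B0_bad_parent"] = v.verify_target("B0")  # invalid parent => B0 invalid, not cached
    out["cached"], out["columns_empty"] = sorted(v.cache), all(not c for c in v.columns.values())
    return out
```

Calling `demo()` walks a full chain for A0, reuses the cached node A for A1 so that no chain is built for A, serves A0 itself from the cache on the second request, and then shows an altered intermediary nonce failing at S308 so that its child is rejected at S304 without ever entering the cache; the state-data columns are empty at the end because every chain was released.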
- the secondary storage 1080 stores the program that implements the data handling apparatus 2000 of the second example embodiment.
- the computer 1000 includes the cache storage or the computer 1000 has access to the cache storage installed outside the computer 1000.
- Non-transitory computer readable media include any type of tangible storage media.
- Examples of non-transitory computer readable media include magnetic storage media (such as floppy disks, magnetic tapes, hard disk drives, etc.), optical magnetic storage media (e.g., magneto-optical disks), CD-ROM (compact disc read only memory), CD-R (compact disc recordable), CD-R/W (compact disc rewritable), and semiconductor memories (such as mask ROM, PROM (programmable ROM), EPROM (erasable PROM), flash ROM, RAM (random access memory), etc.).
- the program may be provided to a computer using any type of transitory computer readable media.
- Examples of transitory computer readable media include electric signals, optical signals, and electromagnetic waves.
- Transitory computer readable media can provide the program to a computer via a wired communication line (e.g., electric wires, and optical fibers) or a wireless communication line.
- a data handling apparatus comprising: at least one logic circuit that is configured to: acquire an identifier of a target nonce that is stored in a leaf node of a tree, wherein the tree includes: a root node storing a nonce; a plurality of intermediary nodes storing a nonce and a tag; and a plurality of the leaf nodes storing a nonce and a tag, and wherein the tag stored in a node is computed using the nonce that is valid and stored in a parent of the node and the nonce stored in the node, generate a chain data for a target node that is the node storing the target nonce and add the chain data to verification information, wherein the chain data represents a progress of a set of verification chain process for the target node and one or more verification chain processes for ancestors of the target no
- (Supplementary Note 2) The data handling apparatus according to supplementary note 1, wherein the chain data includes state data for each node for which the verification chain process is being executed, wherein it is determined that the verification chain process for the parent of the particular node has not been initiated when failing to detect the state data of the parent from the state data of the nodes located at one level higher than the particular node in the tree.
- the data handling apparatus includes: determining whether the parent of the particular node is stored in the cache storage; determining that the parent is valid when the parent is stored in the cache storage; verifying the particular node using the tag stored in the particular node and the nonce stored in the parent; and storing the particular node into the cache storage when the particular node is verified as valid.
- a data handling method performed by a computer comprising: acquiring an identifier of a target nonce that is stored in a leaf node of a tree, wherein the tree includes: a root node storing a nonce; a plurality of intermediary nodes storing a nonce and a tag; and a plurality of the leaf nodes storing a nonce and a tag, and wherein the tag stored in a node is computed using the nonce that is valid and stored in a parent of the node and the nonce stored in the node, generating a chain data for a target node that is the node storing the target nonce and add the chain data to verification information, wherein the chain data represents a progress of a set of verification chain process for the target node and one or more verification chain processes for ancestors of the target node, wherein the verification chain process can be concurrently performed for a plurality of the target nodes, and wherein the verification information includes the chain data for each target
- the data handling method includes: determining whether the parent of the particular node is stored in the cache storage; determining that the parent is valid when the parent is stored in the cache storage; verifying the particular node using the tag stored in the particular node and the nonce stored in the parent; and storing the particular node into the cache storage when the particular node is verified as valid.
- a non-transitory computer-readable medium storing a program that causes a computer to execute: acquiring an identifier of a target nonce that is stored in a leaf node of a tree, wherein the tree includes: a root node storing a nonce; a plurality of intermediary nodes storing a nonce and a tag; and a plurality of the leaf nodes storing a nonce and a tag, and wherein the tag stored in a node is computed using the nonce that is valid and stored in a parent of the node and the nonce stored in the node, generating a chain data for a target node that is the node storing the target nonce and add the chain data to verification information, wherein the chain data represents a progress of a set of verification chain process for the target node and one or more verification chain processes for ancestors of the target node, wherein the verification chain process can be concurrently performed for a plurality of the target nodes, and wherein
- the chain data includes state data for each node for which the verification chain process is being executed, wherein it is determined that the verification chain process for the parent of the particular node has not been initiated when failing to detect the state data of the parent from the state data of the nodes located at one level higher than the particular node in the tree.
- the medium according to supplementary note 14, wherein the verification of the particular node includes: determining whether the parent of the particular node is stored in the cache storage; determining that the parent is valid when the parent is stored in the cache storage; verifying the particular node using the tag stored in the particular node and the nonce stored in the parent; and storing the particular node into the cache storage when the particular node is verified as valid.
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Signal Processing (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Software Systems (AREA)
- Health & Medical Sciences (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computing Systems (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
A data handling apparatus acquires an identifier of a target nonce. The target nonce is stored in a leaf node of a tree, the tree including nodes each of which stores a nonce and a tag. The nonce stored in a node is verified using the tag stored in that node and the nonce stored in the parent node. To verify a target node that stores the target nonce, the data handling apparatus recursively verifies the ancestors of the node as necessary. Specifically, in the data handling apparatus, verification of two or more target nodes can be performed concurrently. Accordingly, the data handling apparatus performs verification of an ancestor node of the target node when that verification has not yet been initiated as part of the verification of another target node.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| PCT/JP2024/026491 WO2026022977A1 (fr) | 2024-07-24 | 2024-07-24 | Appareil de gestion de données, procédé de gestion de données et support non transitoire lisible par ordinateur |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| WO2026022977A1 true WO2026022977A1 (fr) | 2026-01-29 |
Family
ID=98565254
Country Status (1)
| Country | Link |
|---|---|
| WO (1) | WO2026022977A1 (fr) |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20190260799A1 (en) * | 2016-09-23 | 2019-08-22 | Apple Inc. | Systems and methods for detecting replay attacks on security space |
| US20210311640A1 (en) * | 2018-12-18 | 2021-10-07 | Arm Limited | Integrity tree for memory integrity checking |
- 2024-07-24 WO PCT/JP2024/026491 patent/WO2026022977A1/fr active Pending
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 24948676 Country of ref document: EP Kind code of ref document: A1 |