JP2002259216A - Method for detecting electronic file alteration, method for describing electronic file for the same and communication equipment - Google Patents

Abstract

PROBLEM TO BE SOLVED: To detect the alteration of a portion that has been already received in a step in which a portion of an electronic file is receive and also to decide whether or not the entire electronic file is received. SOLUTION: A transmission source divides an original electronic file into file configuration units X(1) to X(N). Then, record units 240, etc., are produced in the following way, and the record units 240 are sequentially transmitted. In the production of a record unit, a descriptor H for checking the completeness of file units, an identifier F for checking whether or not the file units are the first part or the last part of an electronic file, and a descriptor C' for checking the completeness (meaning that preceding and subsequent file units are not omitted) of the consecutive relation of the file units are attached to the respective file units X.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to the detection of falsification of an electronic file used in an information terminal such as a television or a computer and suitable for checking the integrity of acquired digital content. The present invention relates to a method for detecting falsification of an electronic file suitable for an information terminal having a function of acquiring a large amount of data such as a video file, a method for describing an electronic file, and a communication apparatus.

[0002]

2. Description of the Related Art Referring to FIG.
A method for detecting falsification of an electronic image and a method for describing an electronic file therefor will be described. FIG. 7 shows one electronic file record transmitted from a transmission source through a network. In FIG. 7, A, B,
C and D are file units, respectively. Original electronic files (user information) are originally file units A, B, C, D
The other elements shown in FIG. 7 are added by the transmission source to detect tampering in network transmission.

[0003] DA is a descriptor for detecting falsification of the file unit A, and is attached to the file unit B. DB is a descriptor for detecting falsification of the file unit B, and is attached to the file unit D. DC is a descriptor for detecting tampering in file unit C, and is not embedded in any file unit. DD is a descriptor for detecting falsification of the file unit D, and is attached to the file unit C.

[0004] In the figure, "Dall" is a descriptor for detecting falsification of a portion surrounded by a square (file units A, B, C, D, descriptors DA, DB, DD), and a sequence key is provided with a descriptor. The order is encrypted. The order is the file units A, B, D, and C. Therefore, as described above, the descriptor DB is assigned to the file unit D after the file unit B, and the descriptor DD is assigned to the file unit C after the file unit D.

[0005] The descriptors DC, Dall, and order key are added to the electronic file record at the end separately from the file unit. In this figure, the transmission order in file units is A,
It is assumed that the order is B, D, C.

Next, the operation of the transmission destination will be described. When the transmission destination receives all of the electronic file records, it first decrypts the order key, and the transmission order of the files is A, B, D,
Know that it is C. Next, the descriptor Dall is calculated from the portion enclosed by the rectangle in FIG. 7, and this is compared with the descriptor Dall included in the transmitted file record. If these match, the file is determined to be complete without tampering. If they do not match, it is determined that part of the file is incomplete. The incomplete part is the descriptor D
It can be specified using A, DB, or the like. That is, considering the case where the file unit A is to be checked, the receiver only needs to calculate the descriptor DA from the file unit A and compare this with the transmitted descriptor DA. Descriptor DA,
Functions for calculating DB, DC, DD, and Dall include:
A hash function or other appropriate function is used.

[0007]

Since the conventional electronic file falsification detection method, electronic file falsification detection method, and electronic file description method therefor are configured as described above, the acquisition of the entire file is completed. Until then, its integrity could not be checked. For example, even when the file units A and B and the descriptor DA are acquired, even if the inspection is performed, the integrity of the file unit A and the file unit A before the file unit B are not missing or falsified. (If missing or falsified, the descriptor DA does not match), it is not possible to check the integrity of the last file unit B received at the moment. Further, it is impossible to determine whether the file unit A is at the head of the file, the file unit B is at the end of the file, and the like.

SUMMARY OF THE INVENTION The present invention has been made to solve the above-described problems. When a part of an electronic file is received, it is possible to detect tampering of the already received part, It is an object of the present invention to provide a falsification detection method for an electronic file that can determine whether or not an electronic file has been received, a description method of the electronic file, and a communication device for that.

[0009]

An electronic file tampering detection method according to the present invention is a method of detecting tampering of an electronic file having a plurality of file units associated in a certain order, and includes a method of detecting each file unit and its corresponding file unit. Checking the integrity of the file unit by using the assigned information; determining whether the file unit is the first file unit of the electronic file by using each file unit and the information assigned to the file unit; Checking whether the file unit is a file unit, and, using at least one file unit immediately before and after each file unit and information given to each file unit, completeness of a continuity relationship between the file units. Inspection step.

[0010] A communication apparatus according to the present invention includes a receiving unit that receives sequentially transmitted file units, and a falsification detecting unit that executes the falsification detecting method for the received file units. .

An electronic file description method according to the present invention is a method for describing an electronic file having a plurality of file units associated with each other in a certain order. Information for checking whether the file unit is the first file unit of the electronic file or the last file unit, and the file unit and the immediately preceding or following file unit. And information for checking the completeness of the continuity relation.

An electronic file description method according to the present invention is a method for describing an electronic file having a plurality of file units associated in a fixed order, wherein each file unit has a first function which is a function of the file unit. The descriptor and the second file function that is the file unit immediately before the file unit
And a third descriptor which is a function of the file unit immediately after the file unit.

In the electronic file description method according to the present invention, the second descriptor or the third descriptor is a function of the first descriptor of the immediately preceding or succeeding file unit, and the length of the first descriptor is the original length. It is shorter than the first descriptor.

An electronic file description method according to the present invention is a method for describing an electronic file having a plurality of file units associated in a fixed order, wherein each file unit has a first function which is a function of the file unit. A descriptor, a second descriptor that is a function of at least one file unit immediately before and immediately after the file unit, and whether the file unit is the beginning or end of the electronic file. And an identifier shown.

In the electronic file description method according to the present invention, the identifier is embedded in the first or second descriptor.

In the electronic file description method according to the present invention, the second descriptor is a function of the first descriptor in the immediately preceding or succeeding file unit, and its length is longer than that of the original first descriptor. Is also short.

In the electronic file description method according to the present invention, at least one of the descriptor and the identifier is encrypted.

A communication device according to the present invention includes a file description unit for executing any one of the above-described electronic file description methods, and a transmission unit for sequentially transmitting file units created by the file description unit. is there.

[0019]

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS One embodiment of the present invention will be described below. Embodiment 1 FIG. FIG. 1 is a flowchart showing a method for detecting falsification of an electronic file according to Embodiment 1 of the present invention. This detection method is used in information terminals such as televisions and computers, and is suitable for checking the integrity of acquired digital contents. More specifically, a function capable of acquiring large amounts of data such as video files. It is suitable to be applied to an information terminal having.

The communication device from which the electronic file is transmitted is:
A single electronic file is divided into a plurality of file units, a record unit is generated by adding overhead information to each file unit, and these record units are sequentially transmitted.
In order to execute the falsification detection method, the communication device serving as the transmission destination of the electronic file includes a receiving unit that receives a plurality of record units sequentially transmitted, and a falsification unit for the file unit in the received record units. It includes a falsification detection unit that executes a detection method, and an assembling unit that reassembles the original electronic file from these file units.

Next, the operation will be described. In step ST1 of FIG. 1, the falsification detection unit of the transmission destination uses the file unit in the record unit and the information attached thereto to check that there is no falsification or missing element in the file unit. Although details of this detection will be described later, for example, if the hash value is assigned to each file, the destination compares the hash value calculated from the file unit with the transmitted hash value and determines that they match. Then, it is determined that the file unit has not been falsified or has no missing element. Hereinafter, a file unit is said to be complete when there is no tampering or missing elements in the file unit.

Next, in step ST2, the falsification detection unit of the transmission destination checks whether or not the file unit is the head of the entire file using the added information. In this step, when the file unit is the head of the file, it is understood that no other file unit exists before the file unit.

Next, in step ST3, the falsification detection unit of the transmission destination checks whether or not the file unit is the end of the entire file using the added information. In this step, when the file unit is at the end of the file, it is understood that no other file unit exists after the file unit.

Further, in step ST4, the falsification detection unit of the transmission destination uses the information given to the file unit and the file unit immediately before or after the file unit, and uses the file unit and the file unit immediately before or after the file unit. Check that there are no missing file units between the immediately following file units. This detection can be performed, for example, by the method described in connection with Embodiments 2 to 7 below. Less than,
If a file unit before and after a file unit is not missing, the "continuous relationship" of that file unit is said to be complete. When the file unit is the head (or the end) of the file, the relationship before (or after) the file unit is determined to be complete without being checked in step ST4.

As described above, in the electronic file tampering detection method shown in FIG. 1, 1) that the file unit itself is complete, 2) that the file unit is the beginning or end of the entire file, 3) The three attributes that the continuity of the file unit is complete are detected only from local information centered on the file unit.

Accordingly, step ST1 or step S
If it is recognized at T4 that the communication is incomplete, the destination communication device may notify the user of the device that the communication is incomplete. Alternatively, the communication device of the transmission destination may transmit an automatic retransmission request specifying a file unit presumed to be incomplete to the communication device of the transmission source. In particular, if there is no need to restore the original electronic file from individual file units, and the destination processes (eg, reproduces video frames) based on individual file units, step ST
If the result of step 1 or step ST4 is not suitable, an automatic retransmission request may be made.

However, the processing may proceed as follows.
That is, thereafter, based on the inspection result in step ST3, the falsification detection unit of the transmission destination determines in step ST5 whether or not the file unit is at the end. If the determination result is negative, the process proceeds to step ST1. To check the integrity of the next file unit. If step ST
If the determination result at 5 is positive, the process proceeds to step ST6.

In step ST6, the falsification detection unit of the transmission destination determines whether or not the file unit is complete based on the inspection result in step ST1, and if the determination result is affirmative, the process proceeds to step ST7. If the judgment result is negative, the process proceeds to step ST9.

In step ST7, based on the inspection result in step ST4, the falsification detection unit of the transmission destination determines whether or not the continuity relation of the file unit is complete. If the determination result is affirmative, the process proceeds to step ST8. On the other hand, if the judgment result is negative, the process proceeds to step ST9.

In step ST8, the assembling unit of the transmission destination reassembles (restores) the original electronic file from the file units in the plurality of record units that have been completely successfully received. The transmission destination performs processing (for example, reproduces a video frame) based on the assembled electronic file. On the other hand, in step ST9, the communication device of the transmission destination notifies the user of the device that the communication is incomplete. Alternatively, the communication device of the transmission destination may transmit an automatic retransmission request specifying a file unit estimated to be incomplete to the communication device of the transmission source.

As described above, according to the first embodiment, at the transmission destination, there is no falsification in only the acquired file unit, and there is no missing file unit immediately before or immediately after the file unit. And it is possible to detect whether the acquired data is the whole or a part of the file.

Embodiment 2 In order for the transmission destination to perform the above-described operation, the transmission source communication device includes a file description unit that executes the electronic file description method according to any of the embodiments described below, and a file unit created by the file description unit. And a transmission unit for sequentially transmitting the data. FIG. 2 is a schematic diagram showing the structure of an electronic file record described based on the electronic file description method according to Embodiment 2 of the present invention. In the figure, reference numerals 240 to 242 denote record units constituting an electronic file record transmitted from a transmission source communication device to a transmission destination communication device via a network. Each of the record units 240 to 242 stores a file unit X, a descriptor H, a descriptor C ′, and an identifier F.

X (1) to X (N) are file units constituting the original electronic file. That is, the transmission source transmits a single large-capacity original electronic file in file units X (1) to X (1)
(N). The original electronic file (user information) created by the transmission source application originally consists of only file units X (1) to X (N).
The other elements H, C ′, and F shown in are the overhead information given by the transmission source to detect tampering in network transmission.

H (1) to H (N) are descriptors for checking the integrity of each of the given file units X (1) to X (N). For example, when focusing on the record unit 240, the descriptor H (1) corresponds to the file unit X (1)
Is stored in the record unit 240 by the transmission source to check the integrity of the record. The descriptor H (1) is obtained by applying a hash function or another appropriate function to the file unit X (1). Accordingly, the destination estimates the descriptor H (1) in the same manner, and the received record unit 24
By comparing the estimation result with the descriptor H (1) inside 0, it is possible to check the integrity of a single file unit X (1).

C '(1) to C' (N) are file units X
This is a descriptor for checking the completeness of the continuity relation of (1) to X (N). For example, in the record unit 240, the descriptor C ′ (1) is obtained based on any information inside the record unit 241, for example, the descriptor H (2) or the file unit X (2). The descriptor H (2) may be used as it is as the descriptor C ′ (1), or the descriptor H (2) may be used.
The descriptor C ′ (1) may be generated by applying a hash function or other appropriate function to (2) or the file unit X (2). Therefore, the transmission destination is the same as the subsequent (immediate)
By estimating the descriptor C ′ (1) based on the file unit information and comparing the estimation result with the descriptor C ′ (1) inside the received record unit 240, the file unit X (1) It is possible to check the integrity of the continuity relationship between X and X (2).

Regarding the last file unit X (N),
Since there is no comparison with the subsequent file unit, the descriptor C '
(N) is given a valueless and unique code or bit.

F (1) to F (N) check whether the given file unit X (1) to X (N) is the head of the entire file record and whether it is the end. Is an identifier for A code representing the beginning is given to the identifier F (1) of the first record unit 240, a code representing the middle is given to the identifier F (2) of the middle record unit 241 and the identifier F of the last record unit 242 is given.
(N) is given a code indicating the end. Therefore, the transmission destination can confirm whether or not the entire electronic file has been acquired.

As described above, each record unit is roughly composed of a file unit X as a payload and overhead information, that is, a descriptor H, a descriptor C ′, and an identifier F.
Having. However, the format of each record unit, that is, the array of the file unit X, the descriptor H, the descriptor C ′, and the identifier F may be any format as long as it can be extracted from the record unit while distinguishing them at the transmission destination. .

Next, the operation will be described. Now, it is assumed that one record unit 240 is first received by the transmission destination, and then that the record unit 241 is received. As described above, at the transmission destination, the integrity of the file unit X (1) included in the record unit 240 is checked using the descriptor H (1). Whether the record unit 240 is the beginning or end of the file record is checked using the identifier F (1). In fact, since this record unit 240 is the head,
At the destination, it is detected that it is the top, and the file unit X
For (1), it can be seen that the continuous relationship with the immediately preceding file unit (none) is complete.

File unit X (1) and file unit X
When the second record unit is received, the continuity relationship of (2) is determined by using any information included in the second record unit and the descriptor C ′ (1) given to the file unit X (1). Inspected by technique. Descriptor C '(1) estimated at the transmission destination based on the second record information received in units of records
And the descriptor C ′ (1) stored in the received record unit 240, it is understood that the continuous relationship between the file unit X (1) and the file unit X (2) is complete. In other cases, the second record unit received at the destination is not the second record unit 241 transmitted from the source. This means that the record unit 241 is missing or has been tampered with by an eavesdropper.

The integrity of the file unit X (2) is checked using the descriptor H (2) assigned to the record unit 241. As described above, the record units 240 and 241
Is obtained, the completeness of the file units X (1) and X (2) and their continuous relationship is confirmed.

As described above, according to the second embodiment, at the transmission destination, there is no falsification in only the acquired file unit, and there is no missing file unit immediately before or immediately after the file unit. And it is possible to detect whether the acquired data is the whole or a part of the file.

Embodiment 3 FIG. 3 is a schematic diagram showing a structure of an electronic file record described based on a description method of an electronic file according to Embodiment 3 of the present invention.
In the figure, 240 to 245 are record units constituting an electronic file record transmitted from a transmission source to a transmission destination via a network. Record unit 240 to 24
5 stores a file unit X, a first descriptor H, a second descriptor C, and a third descriptor D.

X (1) to X (N) are file units constituting an original electronic file (user information) created by the transmission source application. Numbers 240 to 245 given in record units represent the arrangement order of file units in the source electronic file of the transmission source. That is, in the embodiment shown in FIG. 3, the transmission source sets the first part of the original electronic file to the file unit X (1) and sets the next part to the next part, as indicated by the record unit number. File unit X (N), and the next part is file unit X
(I-1), and the next part is a file unit X
(I), and the last part is file unit X (i + 1). However, the sources are 240, 243, 244, 2
Record units are transmitted in the order of 45, 242.

H (1) to H (N) are first descriptors for checking the integrity of each of the given file units X (1) to X (N). For example, record unit 2
At 40, the descriptor H (1) is obtained by applying a hash function or other suitable function to the file unit X (1).

C (1) to C (N) are file units X
(1) A second descriptor for checking the integrity of the continuity relation of X (N). For example, in the record unit 244, the second descriptor C (i) is obtained by applying a function to the file unit X (i-1) inside the immediately preceding record unit 243.

If the same function is applied, the record unit 24
4, the second descriptor C (i) of the immediately preceding record unit 24
3 first descriptors H (i-1). Regarding the file unit X (1) of the first record unit 240, there is no comparison with the immediately preceding file unit, so that the descriptor C (1) is given a valueless and unique code or bit.

D (1) to D (N) are third descriptors for checking the integrity of the continuity relation of the file units X (1) to X (N). For example, record unit 244
In, the third descriptor D (i) is obtained by applying a function to the file unit X (i + 1) inside the immediately following record unit 245.

If the same function is applied, a record unit 24
The third descriptor D (i) of the fourth record unit 24
5 equal to the first descriptor H (i + 1). Since the file unit X (N) of the last record unit 242 is not compared with the immediately following file unit, the descriptor D (N) is given a valueless and unique code or bit.

The format of each record unit, that is, the array of the file unit X, the first descriptor H, the second descriptor C, and the third descriptor D is determined from the record unit while distinguishing them at the transmission destination. Anything that can be taken out may be used.

Next, the operation will be described. The first descriptors H (1) to H (N) correspond to the corresponding file units X (1)
X (N). For example, when a hash function is used, the function is a hash value. Therefore, the destination can estimate the descriptor H with the same function and compare the estimation result with the descriptor H inside the received record unit to check the integrity of each file unit X. is there.

The second descriptors C (i-1) to C (N) are:
It is a function of the file unit data immediately before the corresponding file unit. Now, it is assumed that the record unit 244 has been received at the transmission destination. Then, the transmission destination is the function value (descriptor C) of the file unit of the immediately preceding record unit (if the regular record unit 243, the file unit is X (i-1)).
(I) estimation result) and the currently received record unit 2
Compare the descriptor C (i) stored at 44. When they match, it is understood that the continuous relationship between the file units X (i-1) and X (i) is complete. In other cases, the record unit received immediately before is the regular record unit 2
It is not 43. This means that the record unit 243 is missing or has been tampered with by an eavesdropper.

As described above, the same function may be applied to the calculation of the descriptor H and the descriptor C. In this case, for example, the second descriptor C (i) replaces the immediately preceding first descriptor H (i
Same as -1). Therefore, the transmission destination can use the already calculated estimation result of the immediately preceding first descriptor for comparison with the received second descriptor of the record unit,
There is no need to calculate an estimate for the second descriptor.

As described above, the first record unit 240
Is given a valueless and unique code or bit. Therefore, by referring to the second descriptor of the received record unit, it can be checked whether or not the file unit included therein is the head of the file.

The third descriptors D (1) to D (i + 1) are:
This is a file unit function immediately after the corresponding file unit, and is used to check the integrity of the file unit continuity relation like the second descriptor. For example, regarding the record unit 244, the file unit of the immediately following record unit (if the regular record unit 245, the file unit is X
(I + 1) is compared with the descriptor C (i) stored in the record unit 244 already received. When they match,
It can be seen that the continuous relationship between the file units X (i) and X (i + 1) is complete. In other cases, the record unit received immediately after is not the regular record unit 245. This means that the record unit 245 is missing or has been tampered with by an eavesdropper.

As described above, the same function may be applied to the calculation of the descriptor H and the descriptor D. In this case, for example, the third descriptor D (i) is the immediately following first descriptor H (i
+1). Therefore, at the destination, the comparison with the third descriptor of the record unit which has already been received earlier,
The first calculated for the currently received record-by-record check
Of the third descriptor need not be calculated.

The third descriptor D (N) of the last record unit 242 is given a valueless and unique code or bit. Therefore, by referring to the third descriptor of the received record unit, the destination can check whether or not the file unit included therein is the end of the file.

As described above, according to the third embodiment, at the transmission destination, there is no falsification in only the acquired file unit, and there is no missing file unit immediately before or immediately after the file unit. And it is possible to detect whether the acquired data is the whole or a part of the file.

Embodiment 4 FIG. FIG. 4 is a schematic diagram showing the structure of an electronic file record described based on the electronic file description method according to Embodiment 4 of the present invention.
In FIG. 4, the same reference numerals are used to indicate elements common to FIG.

In FIG. 4, F '(1) to F' (N) indicate a third descriptor indicating whether or not the corresponding file unit X (1) to X (N) is the last. In the fourth embodiment, each of the record units 240 to 245 includes a file unit X,
The first descriptor H, the second descriptor C, and the identifier F ′ are stored.

The file unit X, the first descriptor H, and the second descriptor C are the same as those of the third embodiment. Accordingly, each of the first descriptors H (1) to H (N) can check the individual integrity of the corresponding file unit X. Also, the second descriptor C (i
Each of -1) to C (N) can check the integrity of the continuous relationship between the corresponding file unit and the immediately preceding file unit. For example, the second descriptor C (i) can be used to check the integrity of the continuous relationship between the file units X (i-1) and X (i). Further, by giving a unique code or bit only to the second descriptor C (1) of the head record unit 240, it is possible to check whether the file unit is the head of the file.

In the third embodiment, the third descriptor D (1)
For each of .about.D (i + 1), the integrity of the continuity relationship between the corresponding file unit and the immediately following file unit is checked. However, each of the second descriptors C (i-1) to C (N) can check the integrity of the continuity relationship between the corresponding file unit and the immediately preceding file unit. The continuous relationship between the file unit and the file unit immediately after
Since the continuity relationship between the file unit and the immediately preceding file unit is equivalent, if one continuity relationship is checked, the other continuity relationship need not be checked.

Therefore, the fourth embodiment does not use the third descriptor D of the third embodiment. However, in the third embodiment, the third descriptor D of the last record unit 242
By giving a unique code or bit only to (N), it is possible to check whether the file unit is at the end of the file. Therefore, in the fourth embodiment, the identifier F ′ is used so that it can be checked whether or not the file unit is at the end of the file. As shown in FIG. 4, the identifier F ′ is, for example, a 1-bit flag that becomes 1 only when the corresponding file unit is the last file unit X (N). However, without intending to limit the present invention to this disclosure, the identifier F ′ indicates whether the corresponding file unit X (1) to X (N) is the head of the entire file record and whether it is the last. More than one bit may be provided so that it can be checked for no.

The format of each record unit, that is, the array of the file unit X, the first descriptor H, the second descriptor C, and the identifier F 'can be extracted from the record unit while distinguishing them at the transmission destination. Anything may be used.

Next, the operation will be described. As above,
Each of the first descriptors H (1) -H (N) allows the destination to check the individual integrity of the corresponding file unit X. Further, the second descriptors C (i-1) to C (i-1) to C
With each of (N), the transmission destination can check the integrity of the continuous relationship between the corresponding file unit and the immediately preceding file unit. Further, by giving a unique code or bit only to the second descriptor C (1) of the head record unit 240, the transmission destination can check whether the file unit is the head of the file.

Further, the transmission destination can determine whether or not the corresponding file units X (1) to X (N) are the last based on the identifiers F '(1) to F' (N).

As described above, according to the fourth embodiment, at the transmission destination, there is no falsification in only the acquired file unit and that there is no missing file unit immediately before or immediately after the file unit. And it is possible to detect whether the acquired data is the whole or a part of the file. Also, since the identifier indicating that the file unit is the last or the beginning of the file may be short (for example, 1 bit as described above),
This has the effect of reducing the length of a record unit. Further, since the identifier can be obtained without performing the operation by the function, the operation procedure can be simplified.

Embodiment 5 FIG. 5 is a schematic diagram showing the structure of an electronic file record described based on the electronic file description method according to Embodiment 5 of the present invention.
In FIG. 5, the same reference numerals are used to indicate elements common to FIGS. 3 and 4.

As shown in FIG. 5, in the fifth embodiment, the record unit 2 excluding the last record unit 242
Each of 40 to 245 stores a file unit X, a first descriptor H, and a second descriptor C.

The first descriptors H (1) to H (H) in the record units 240 to 245 excluding the last record unit 242
For each of (i + 1), the corresponding file unit X
Can be checked for individual integrity.

The second descriptor C is the same as those in the third and fourth embodiments. Therefore,
Each of the second descriptors C (i-1) to C (N) can check the integrity of the continuity relationship between the corresponding file unit and the immediately preceding file unit. For example, by using the second descriptor C (i), the file unit X (i-1)
And X (i) can be checked for completeness. Further, the second descriptor C of the first record unit 240
By giving a unique code or bit only to (1), it is possible to check whether the file unit is the head of the file.

In the fifth embodiment, the identifier F ′ of the fourth embodiment for checking whether the file unit is at the end of the file is not explicitly used. Instead, in the last record unit 242 of the fifth embodiment, the identifier F ′ (N) indicating the end of the file is embedded in the first descriptor H ′ (N). Therefore, the first descriptors H (1) to H (i + 1) and to
By H ′ (N), corresponding file units X (1) to X (X)
The destination can determine whether or not (N) is the last.

More specifically, the last record unit 24
The first descriptor H of the record units 240 to 245 excluding 2
(1) to H (i + 1) represent a hash function or other appropriate function with a corresponding file unit X (1) to X (i + 1)
Obtained by applying The transmission source uses the operation result of the function as it is as the first descriptors H (1) to H (i + 1). On the other hand, for the last record unit 242, the above function is applied to the file unit X (N) to calculate the operation result H (N), and then one bit at the end of the operation result H (N). By adding 1 to the descriptor H '
(N) is obtained. That is, the operation result H (N) and the descriptor H ′ (N) are different in the last one or two bits.

The format of each record unit, that is, the file unit X, the first descriptor H or H ′, and the second
The array of the descriptor C may be of any type as long as it can be extracted from the record unit while distinguishing them at the transmission destination.

Next, the operation will be described. Each of the first descriptors H (1) -H (i + 1) and H '(N) allows the destination to check the individual integrity of the corresponding file unit X. The transmission destination is the file unit X stored in the received record units 240 to 242.
The same function as that applied by the transmission source is applied to (1) to X (i + 1), and the estimation result of the first descriptor H obtained by this operation result is stored in the received record units 240 to 242. The first descriptor is compared with the first descriptor. If the estimation result matches the reception result, it is known that the corresponding file unit X is complete. Here, a match means that the record units 240 to 24 except the last record unit 242
Since this is true for the first descriptors H (1) to H (i + 1) of No. 5, it is also found that the file unit is not the end.

When the estimation result of the first descriptor H differs from the reception result descriptor H only by one or two trailing bits, the reception result descriptor H is the last record unit 242 of the last record unit 242. This is the first descriptor H '(N). Therefore, the corresponding file unit X is found to be complete, and at the same time, it is found that the file unit is the last file unit X (N).

In other cases, the file unit is incomplete and
Bits in a file unit are missing or altered. Therefore, at the destination,
By obtaining an exclusive OR of the matching or mismatching state of the functions of the file units X (1) to X (N) and the state of whether or not the file unit is the last, all file units X (N) are obtained.
It is possible to determine whether (1) to X (N) are normal.

As described above, the second descriptor C (i-
Each of 1) to C (N) allows the destination to check the integrity of the continuous relationship between the corresponding file unit and the immediately preceding file unit. Further, by giving a unique code or bit only to the second descriptor C (1) of the head record unit 240, the transmission destination can check whether the file unit is the head of the file.

In the fifth embodiment, the transmission source embeds the identifier F ′ (N) indicating the end of the file in the first descriptor H ′ (N). May be embedded in the descriptor C (N).

As described above, according to the fifth embodiment, at the transmission destination, there is no falsification of only the acquired file unit and that there is no missing file unit immediately before or immediately after the file unit. And it is possible to detect whether the acquired data is the whole or a part of the file. Further, by embedding the identifier F ′ in the descriptor, the length of the record unit can be reduced.

Embodiment 6 FIG. FIG. 6 is a schematic diagram showing the structure of an electronic file record described based on the electronic file description method according to Embodiment 6 of the present invention.
The sixth embodiment is a variation of the fifth embodiment (FIG. 5). In FIG. 6, the same reference numerals are used to indicate elements that are essentially common to FIG.

As shown in FIG. 6, in the sixth embodiment, record unit 2 except for the last record unit 242
Each of 40 to 245 stores a file unit X, a first descriptor H, and a second descriptor C. The last record unit 242 stores a file unit X (N), a first descriptor H ′ (N), and a second descriptor C (N).
The format of each record unit, that is, the array of the file unit X, the first descriptor H or H ', and the second descriptor C can be any type as long as they can be extracted from the record unit while distinguishing them at the destination. It may be something. Such a schematic structure is the same as that of the fifth embodiment shown in FIG.

However, in the sixth embodiment, the method of calculating the second descriptors C (i-1) to C (N) is the same as that in the fifth embodiment.
Different from that of In Embodiments 2 to 5, the second descriptors C (i-1) to C (N) are functions of the immediately preceding file units X (1) to X (N-1). Are the first descriptors H (1) to H (N-1) given to the immediately preceding file unit. On the other hand, in the sixth embodiment, the second descriptor C
(I-1) to C (N) are values obtained by further performing a certain conversion on the first descriptors H (1) to H (N-1) assigned to the immediately preceding file unit (for example, hash values thereof). And its length (bit length) is the first descriptor H (1) to H (N−N).
Shorter than 1). Assuming that the conversion function is G, as shown in FIG. 6, for example, the second descriptor C (i) is G (H (i
-1)).

Further, similarly to the second to fifth embodiments, the second descriptor C of the head record unit 240
By giving a unique code or bit only to (1), it is possible to check whether the file unit is the head of the file.

Next, the operation will be described. Embodiment 5
Similarly, each of the first descriptors H (1) to H (i + 1) and H ′ (N) produces a corresponding file unit X
The destination can check the individual integrity of the file and the attributes of whether the file unit is last.

The functions of the second descriptors C (1) to C (N) are the same as those of the fifth embodiment. That is, from the second descriptors C (1) to C (N), it is possible to determine the completeness of the continuity relation of the file unit and the attribute of whether or not the corresponding file unit is the first. However, the second descriptor C
Since (i-1) to C (N) are calculated by the above method, the transmission destination sets the first descriptor H of the immediately preceding record unit.
(1) to H (N-1) are further subjected to the same conversion as above to calculate the estimation result of the second descriptor, and are compared with the second descriptor stored in the received record units 240 to 242 I do. If the estimation result matches the reception result, it is understood that the continuity between the corresponding file unit X and the immediately preceding file unit is perfect.

As described above, according to the sixth embodiment, at the transmission destination, there is no falsification of only the acquired file unit and that there is no missing file unit immediately before or immediately after the file unit. And it is possible to detect whether the acquired data is the whole or a part of the file. Also, since the second descriptor is the first descriptor and is shorter than the first descriptor,
Record unit length can be reduced.

Although the sixth embodiment is a variation of the fifth embodiment, the principle of the sixth embodiment, that is, the conversion of the immediately preceding file unit X twice to obtain the second descriptor C is impossible. Other Embodiments 2 to 4
And such applications are included within the scope of the present invention. Further, in the third embodiment, the second descriptor C
Alternatively, or in addition to the second descriptor, a third descriptor D may be obtained by performing the conversion twice on the immediately subsequent file unit X.

Embodiment 7 In the second to sixth embodiments, the descriptors assigned to the file units X (1) to X (N) are the function values of the file units X (1) to X (N) or the function values of the function values. Met. Also, the identifier F
(FIG. 3) and F ′ (FIG. 4) were simple codes.
However, in order to prevent falsification of the file, at least one of these descriptors and identifiers may be encrypted. The entire record unit including the file unit X as well as these descriptors and identifiers may be encrypted. Encryption technologies include those used for digital signatures,
A public key system, a common key system, and other technologies can be used. As described above, according to the seventh embodiment, there is an effect that it is difficult to falsify a file.

[0090]

As described above, according to the present invention, the step of checking the integrity of each file unit using each file unit and the information assigned thereto is performed. Checking whether the file unit is the first file unit of the electronic file and whether the file unit is the last file unit by using at least one file unit immediately before and immediately after each file unit, and Checking the integrity of the continuity of the file units by using the information given to the file units, so that the transmission destination, at the destination, uses only the acquired file units to Has not been tampered with and that there is no missing file unit immediately before or after the file unit,
Further, there is an effect that it is possible to detect whether the acquired data is the whole or a part of the file.

According to the present invention, a communication apparatus is configured to include a receiving unit that receives sequentially transmitted file units and a falsification detecting unit that executes the above-described falsification detection method for the received file units. Therefore, it is possible to detect that there is no tampering in that part only from the acquired file unit and that there is no omission of the file unit immediately before or immediately after that file unit, and to determine whether the acquired data is the whole or part of the file. There is an effect that it can be detected.

According to the present invention, for each file unit, information for checking the integrity of the file unit, whether the file unit is the first file unit of the electronic file, or the last file unit The description method of the electronic file is configured so as to add information for checking whether or not the file is a file and information for checking the integrity of a continuous relationship between the file unit and the immediately preceding or succeeding file unit. Therefore, the transmission destination can detect that there is no falsification in that part only from the acquired file unit and that there is no omission in the file unit immediately before or immediately after that file unit, and furthermore, that the acquired data is the whole or a part of the file. It has the effect of being able to detect what it is.

According to the present invention, for each file unit, the first descriptor which is a function of the file unit, the second descriptor which is a function of the file unit immediately before the file unit, and the file unit Since the description method of the electronic file is configured so as to add the third descriptor which is a function of the file unit immediately after the file unit, at the transmission destination, there is no falsification in that part only from the acquired file unit and that file is not altered. It is possible to detect that there is no missing file unit immediately before or immediately after the unit, and it is also possible to detect whether the acquired data is the entire file or a part of the file.

According to the present invention, the second descriptor or the third descriptor is a function of the first descriptor immediately before or immediately after the file unit, and the length of the second descriptor or the third descriptor is the original first descriptor. Since the electronic file description method was configured to be shorter than
The effect is that the length of a record unit can be reduced.

According to the present invention, for each file unit, a first descriptor which is a function of the file unit and a second descriptor which is a function of at least one file unit immediately before and immediately after the file unit And an identifier indicating whether the file unit is the beginning or the end of the electronic file, the electronic file description method is configured. Therefore, it is possible to detect that there is no falsification in that part and that there is no loss of the file unit immediately before or immediately after the file unit, and it is also possible to detect whether the acquired data is the whole or a part of the file. Also,
Since the identifier indicating that the file unit is the last or the beginning of the file may be short, the length of the record unit can be shortened. In addition, since the identifier is obtained without performing the operation using a function, the operation procedure can be simplified.

According to the present invention, since the description method of the electronic file is configured so that the identifier is embedded in the first or second descriptor, the length of the record unit can be further reduced. There is.

According to the present invention, the second descriptor is a function of the first descriptor immediately before or immediately after the file unit, and its length is shorter than that of the original first descriptor. Since the file description method is configured, the length of the record unit can be reduced.

According to the present invention, since the description method of the electronic file is configured such that at least one of the descriptor and the identifier is encrypted, there is an effect that it is difficult to falsify the file.

According to the present invention, the communication apparatus is configured to include the file description section for executing the above-described electronic file description method and the transmission section for sequentially transmitting the file units created by the file description section. However, the destination receiving the file from this communication device can detect that there is no tampering in that part only from the acquired file unit and that there is no missing file unit immediately before or after the file unit, and furthermore, the acquired data can be detected. This has the effect of being able to detect whether it is a whole or a part of a file.

[Brief description of the drawings]

FIG. 1 is a flowchart showing an operation of an electronic file tampering detection method according to Embodiment 1 of the present invention.

FIG. 2 is a schematic diagram showing a structure of an electronic file record described based on an electronic file description method according to Embodiment 2 of the present invention.

FIG. 3 is a schematic diagram showing a structure of an electronic file record described based on an electronic file description method according to Embodiment 3 of the present invention.

FIG. 4 is a schematic diagram showing a structure of an electronic file record described based on an electronic file description method according to Embodiment 4 of the present invention.

FIG. 5 is a schematic diagram showing a structure of an electronic file record described based on an electronic file description method according to Embodiment 5 of the present invention.

FIG. 6 is a schematic diagram showing a structure of an electronic file record described based on an electronic file description method according to Embodiment 6 of the present invention.

FIG. 7 is a schematic diagram showing the structure of an electronic file record described based on a conventional electronic file description method.

[Explanation of symbols]

240 to 242 Record units, C (1) to C (N)
Second descriptor, C '(1) to C' (N) descriptor, D
(1) to D (N) Third descriptor, F (1) to F (N)
Identifiers, F ′ (1) to F ′ (N) Third identifier, H
(1) to H (N) (first) descriptor, H '(N) first
, X (1) to X (N) file units.

Claims (10)

[Claims] 1. A method for detecting falsification of an electronic file having a plurality of file units related in a predetermined order, wherein the integrity of each file unit is checked using each file unit and information attached thereto. Checking each file unit and whether or not the file unit is the first file unit of the electronic file and the last file unit by using the information given thereto; Using at least one file unit immediately before and immediately after the file unit and information given to each file unit to check the integrity of the continuity of the file units. 2. A communication device comprising: a receiving unit that receives a sequentially transmitted file unit; and a falsification detecting unit that executes the falsification detecting method according to claim 1 for the received file unit. 3. A method for describing an electronic file having a plurality of file units associated in a predetermined order, wherein each file unit has information for checking the integrity of the file unit, and the file unit is Information for checking whether it is the first file unit or the last file unit of an electronic file, and the integrity of the continuity relationship between the file unit and the immediately preceding or succeeding file unit A description method of an electronic file, wherein the method further comprises: 4. A method for describing an electronic file having a plurality of file units associated in a fixed order, wherein each file unit includes a first descriptor which is a function of the file unit, and a file descriptor immediately before the file unit. A second descriptor which is a file-based function and a third descriptor which is a file-based function immediately after the file unit. 5. The second or third descriptor is a function of the immediately preceding or following first descriptor of a file unit, and its length is shorter than the original first descriptor. The electronic file description method according to claim 4, wherein: 6. A method of describing an electronic file having a plurality of file units associated in a fixed order, wherein each file unit includes a first descriptor which is a function of the file unit, and a file descriptor immediately before the file unit. And a second descriptor which is a function of at least one file unit immediately after, and whether the file unit is the head of the electronic file,
Alternatively, an electronic file description method is provided in which an identifier indicating whether the file is the last is added. 7. The electronic file description method according to claim 6, wherein the identifier is embedded in the first or second descriptor. 8. The method according to claim 1, wherein the second descriptor is a function of the first descriptor immediately before or immediately after the file unit, and has a shorter length than the original first descriptor. The electronic file description method according to claim 6 or 7. 9. The method for writing an electronic file according to claim 4, wherein at least one of the descriptor and the identifier is encrypted. 10. A communication device, comprising: a file description unit for executing the electronic file description method according to claim 3; and a transmission unit for sequentially transmitting file units created by the file description unit.