JP2009048283A - Tampering prevention program, tampering prevention apparatus, tampering prevention system, and tampering prevention method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To prevent tampering of a processing result by a program. <P>SOLUTION: With an input data reception means 11a, input data 3 is received and the received input data 3 is transmitted to an information storage means 2. Then, with an arithmetic program execution means 11b, execution of an arithmetic program 12 based on the input data 3 is directed to a computer 1, and an arithmetic result of the arithmetic program 12 is acquired as output data. Then, with an output data transmission means 11c, output data acquired with the arithmetic program execution means 11b is transmitted to the information storage means 2. Then, audit signature information is generated by adding an electronic signature to information related to output data 2c and information related to input data 2a, and the generated audit signature information is transmitted to the information storage means 2. <P>COPYRIGHT: (C)2009,JPO&INPIT

Description

  The present invention relates to a falsification preventing program, a falsification preventing device, a falsification preventing system, and a falsification preventing method for preventing falsification, and in particular, a falsification preventing program, a falsification preventing device, a falsification preventing system, and a falsification capable of preventing falsification of processing results by the program. It relates to a prevention method.

  In some cases, the validity of the data calculated by the calculation processing of the program is verified. For example, when applying for the construction of a building, it is required to attach the calculation result of the structural calculation to the structural calculation sheet to confirm the safety of the building depending on the size of the building. .

  Here, the structural calculation document indicates that the building designer confirms the safety of the building against external forces such as its own weight, loading load, snow load, wind load, seismic load, earth pressure, water pressure, impact, etc. It is a document to convey.

  In this structure calculation, a structure calculation program for performing structure calculation is generally known (for example, see Patent Document 1). In addition, when submitting a structural calculation report, an applicant for building confirmation can attach a calculation result using a structural calculation program approved by the country (“consistent structural calculation program”) in the structural calculation.

  In this case, the applicant inputs data into the structural calculation program, and prints and outputs the output information on paper. In response to this, the verifier performs the verification by confirming the material submitted by the applicant.

Furthermore, at the time of delivery of the software product, it may be verified whether the delivered software operates correctly according to the specification.
As described above, it is possible to check whether the processing result obtained by inputting the input data into the program executed on the computer is obtained by properly processing the processing result. is there.

In addition, there is a technique for preventing falsification of data by giving an electronic signature using a public key method to electronic data such as an electronic document (see, for example, Patent Document 2).
JP 2003-316831 A JP 2006-309442 A

  However, using only the structural calculation program of Patent Document 1, the verifier cannot check whether the applicant has correctly used the program and entered correct data. For this reason, the verifier is standing in a good-natured theory, trusting the result data submitted by the applicant, and only permitting the building on the assumption that the processing result is valid. In this case, the applicant (user of the structural calculation program) falsifies an auditor or a third party by falsifying the data of the submitted material by, for example, connecting and fusing convenient portions of a plurality of calculation results. Is also possible.

  On the other hand, even if the falsification preventing technique for electronic data using an electronic signature as in Patent Document 2 is used as it is, the data can be falsified before the electronic signature is attached, so that the processing result (structural calculation document) Tampering cannot be prevented.

  The present invention has been made in view of these points, and an object thereof is to provide a falsification preventing program, a falsification preventing apparatus, a falsification preventing system, and a falsification preventing method that can prevent falsification of a processing result by a program.

  In the present invention, in order to solve the above problems, a falsification preventing program 11 as shown in FIG. 1 is provided. The falsification preventing program 11 according to the present invention includes an input data receiving unit 11a, a calculation program executing unit 11b, an output data transmitting unit 11c, and audit signature information shown in FIG. 1 in order to prevent falsification of processing results by the calculation program 12. The computer 1 can execute the function of the output unit 11d.

  The input data receiving unit 11 a receives an input of the input data 3 processed by the arithmetic program 12 and transmits the received input data 3 to the information storage unit 2. The transmitted input data 3 is stored in the information storage means 2 as input data 2a.

The arithmetic program execution means 11b instructs the computer 1 to execute the arithmetic program 12 based on the input data 3, and acquires the arithmetic result of the arithmetic program 12 as output data.
The output data transmission unit 11 c transmits the output data acquired by the arithmetic program execution unit 11 b to the information storage unit 2. The transmitted output data is stored in the information storage means 2 as output data 2c.

  The audit signature information output unit 11 d generates audit signature information obtained by applying an electronic signature to the information related to the input data 3 and the information related to the output data 2 c, and transmits the generated audit signature information to the information storage unit 2. The transmitted audit signature information is stored in the information storage means 2 as audit signature information 2d.

  Whether the input data 2a, the output data 2c, and the audit signature information 2d stored in the information storage means 2 are correctly calculated by the arithmetic program 12 is determined in the computer 4 used by the verifier. Is verified by the verification means 4a.

  When the input data 3 is input to the falsification preventing program 11, the input data receiving unit 11 a receives the input data 3 and transmits the received input data 3 to the information storage unit 2. . Next, the arithmetic program execution means 11b instructs the computer 1 to execute the arithmetic program 12 based on the input data 3, and the arithmetic result of the arithmetic program 12 is acquired as output data 2c. Next, the output data transmission unit 11 c transmits the output data 2 c acquired by the arithmetic program execution unit 11 b to the information storage unit 2. Next, audit signature information 2 d obtained by applying an electronic signature to information related to the input data 2 a and information related to the output data 2 c is generated, and the generated audit signature information 2 d is transmitted to the information storage unit 2.

  In order to solve the above problem, in the falsification preventing apparatus for preventing falsification of the processing result by the arithmetic program, the input of the input data processed by the arithmetic program is received and the received input data is stored in the information storage means. Input data receiving means for transmitting; arithmetic program executing means for executing the arithmetic program based on the input data and acquiring the arithmetic result of the arithmetic program as output data; and the output data acquired by the arithmetic program executing means Output data transmitting means for transmitting the information to the information storage means, audit signature information obtained by applying an electronic signature to the information related to the output data and the information related to the input data, and the generated audit signature information in the information storage means Audit signature information output means for transmission. Tamper-proof device is provided, wherein.

  According to such a falsification preventing apparatus, the input data receiving means receives input of input data processed by the arithmetic program, and the received input data is transmitted to the information storage means, and the arithmetic program executing means A calculation program based on the input data is executed, and a calculation result of the calculation program is acquired as output data. Then, the output data acquired by the operation program executing means is transmitted to the information storage means by the output data transmitting means, and the audit signature information output means is used to apply the electronic signature to the information related to the output data and the information related to the input data. Signature information is generated, and the generated audit signature information is transmitted to the information storage means.

  In order to solve the above problem, in the falsification prevention system for preventing falsification of the processing result by the arithmetic program, the information storage means capable of storing information and the input of the input data processed by the arithmetic program, Input data receiving means for transmitting the received input data to the information storage means, calculation program execution means for executing the calculation program based on the input data, and acquiring a calculation result of the calculation program as output data, and An output data transmission unit that transmits the output data acquired by the arithmetic program execution unit to the information storage unit, and generates audit signature information in which an electronic signature is applied to the information about the input data and the information about the output data. Sent the audit signature information to the information storage means. Tamper-proof system, comprising: the audit signature information output means for, is provided.

  According to such a falsification prevention system, information can be stored by the information storage means, and input of the input data processed by the arithmetic program is received by the input data receiving means, and the received input data is It is transmitted to the information storage means. Next, an arithmetic program based on the input data is executed by the arithmetic program executing means, the arithmetic result of the arithmetic program is acquired as output data, and the output data acquired by the arithmetic program executing means is stored in the information by the output data transmitting means Sent to the means. Then, the audit signature information output means generates the audit signature information obtained by applying the electronic signature to the information relating to the input data and the information relating to the output data, and the generated audit signature information is transmitted to the information storage means.

  In addition, in order to solve the above-mentioned problem, in a falsification preventing method by a computer for preventing falsification of a processing result by an arithmetic program, a step of accepting input of input data processed by the arithmetic program, and the received input data as information Is transmitted to the information storage means that can store the information, instructs the computer to execute the arithmetic program based on the input data, acquires the operation result of the arithmetic program as output data, and is acquired by executing the arithmetic program The output data is transmitted to the information storage means, audit signature information obtained by applying an electronic signature to the information related to the output data and the information related to the input data is generated, and the generated audit signature information is transmitted to the information storage means And tamper-proof characterized by comprising steps A method is provided.

  According to such a falsification preventing method, first, input of input data processed by the arithmetic program is accepted. Next, the received input data is transmitted to the information storage means capable of storing information, the computer is instructed to execute the arithmetic program based on the input data, the arithmetic result of the arithmetic program is acquired as output data, and the arithmetic program Output data acquired by execution is transmitted to the information storage means, audit signature information obtained by applying an electronic signature to the information related to the output data and the information related to the input data is generated, and the generated audit signature information is transmitted to the information storage means The

  In the present invention, after the data is output by the arithmetic program for outputting the processing result, the audit signature information for automatically applying the electronic signature to the input data and the output data is output. As a result, if the input data, the output data, and the signature key are used, the validity of the output data can be verified, so that it becomes difficult to tamper with the output data and the validity of the pair of the input data and the output data. (In other words, the output data is output from input data that has been digitally signed at the same time). Therefore, it is possible to prevent falsification of the processing result by the program.

Hereinafter, embodiments of the present invention will be described with reference to the drawings.
FIG. 1 is a diagram showing an outline of the invention. The falsification preventing program 11 according to the present invention includes an input data receiving unit 11a, a calculation program executing unit 11b, an output data transmitting unit 11c, and audit signature information shown in FIG. 1 in order to prevent falsification of processing results by the calculation program 12. The computer 1 can execute the function of the output unit 11d.

  The input data accepting unit 11 a accepts input of input data 3 processed by the arithmetic program 12. Input data 3 is data to be processed by the arithmetic program 12. Then, the input data receiving unit 11a transmits the received input data 3 to the information storage unit 2. The transmitted input data 3 is stored in the information storage unit 2 as input data 2a. The input data 2a stored in the information storage unit 2 is used to verify that the processing result of the arithmetic program 12 has not been tampered with by the verification unit 4a in the computer 4 together with output data 2c and audit signature information 2d described later. Used.

Here, the information storage means 2 has a tamper-proof function, and protects data held therein from unauthorized access (reading and writing) and tampering.
The arithmetic program execution means 11 b instructs the computer 1 to execute the arithmetic program 12 based on the input data 3. The arithmetic program 12 corresponds to, for example, a structural calculation program. Then, the operation program execution unit 11b acquires the operation result of the operation program 12 as output data. This output data is data to be verified as to whether or not tampering has occurred, and corresponds to, for example, a calculation result of structural calculation.

  The output data transmission unit 11 c transmits the output data acquired by the arithmetic program execution unit 11 b to the information storage unit 2. The transmitted output data is stored in the information storage means 2 as output data 2c.

  The audit signature information output unit 11d electronically stores information related to the input data 3 such as the input data 3 itself and the hash value of the input data 3, and information related to the output data 2c such as the output data 2c itself and the hash value of the output data 2c. Audit signature information is generated by applying a signature, and the generated audit signature information is transmitted to the information storage means 2. The transmitted audit signature information is stored in the information storage means 2 as audit signature information 2d.

  Whether the input data 2a, the output data 2c, and the audit signature information 2d stored in the information storage unit 2 are correctly calculated by the arithmetic program 12 is verified. Verification is performed by verification means 4a in the computer 4 used by the verifier.

  When the input data 3 is input to such a falsification preventing program 11, the input data receiving unit 11a receives the input data 3, and the received input data 3 is transmitted to the information storage unit 2.

  Next, the operation program execution means 11b instructs the computer 1 to execute the operation program 12 based on the input data 3, and the operation result of the operation program 12 is acquired as output data.

Furthermore, the output data acquired by the arithmetic program execution unit 11b is transmitted to the information storage unit 2 by the output data transmission unit 11c.
Then, audit signature information obtained by applying an electronic signature to information related to output data and information related to input data is generated, and the generated audit signature information is transmitted to the information storage unit 2.

  In this way, after the data is output by the arithmetic program for outputting the processing result, the audit signature information with the electronic signature applied to the input data and the output data is automatically output. Therefore, the legitimacy of the output data can be verified by re-creating the audit signature from the input data and the output data and collating it with the audit signature stored in advance in the information storage means 2. As a result, it becomes difficult to tamper with the output data, and the validity of the pair of the input data and the output data (that is, the output data is output from the input data that has been digitally signed at the same time. ) Is also secured. Therefore, it is possible to prevent falsification of the processing result by the program.

[First Embodiment]
Hereinafter, a first embodiment will be described in detail with reference to the drawings.
FIG. 2 is a diagram illustrating a hardware configuration example of the audit computer. The entire computer of the auditing computer 100 is controlled by a CPU (Central Processing Unit) 101. A random access memory (RAM) 102, a hard disk drive (HDD: Hard Disk Drive) 103, a graphic processing device 104, an input / output interface 105, a PC card interface 106, and a communication interface 107 are connected to the CPU 101 via a bus 108. ing.

  The RAM 102 temporarily stores at least part of an OS (Operating System) program and application programs to be executed by the CPU 101. The RAM 102 stores various data necessary for processing by the CPU 101. The HDD 103 stores an OS and application programs.

  A monitor 140 is connected to the graphic processing device 104. The graphic processing device 104 displays an image on the screen of the monitor 140 in accordance with a command from the CPU 101. A keyboard 151, a mouse 152, and a printer 153 are connected to the input / output interface 105. The input / output interface 105 transmits a signal sent from the keyboard 151 and the mouse 152 to the CPU 101 via the bus 108, and sends a printout signal sent from the CPU 101 via the bus 108 to the printer 153.

  The PC card interface 106 can connect a token module 200 configured in a PC card format. The PC card interface 106 transmits / receives data to / from the connected token module 200.

  The token module 200 is a device that stores a calculation result by the audit program 120f calculated by the auditing computer 100 and data for verifying the validity of the calculation result. The token module 200 is a PC card type hardware module incorporating a storage unit (not shown), and the storage unit stores data to be transmitted to the audit computer 100 and data transmitted from the audit computer 100. Is possible. The token module 200 has a tamper-proof function, and can protect data held therein from unauthorized access (reading and writing) and tampering.

  The token module 200 stores data transmitted from the auditing computer 100 in response to a legitimate request from the auditing computer 100, and transmits the stored data to the auditing computer 100. The token module 200 can also be connected to a PC card interface (not shown) of the verification computer. At the time of verifying the output result of the audit program, the token module 200 is connected to the verification computer, thereby transmitting the stored data to the verification computer.

  The communication interface 107 is connected to the network 500. The communication interface 107 can send and receive data to and from other computers via the network 500.

  The token module 200 of the present embodiment is configured in the PC card format, but is not limited to this, and has portability according to the USB (Universal Serial Bus) system, other standards and specifications, and the like. It can also be constituted by a storage device. The storage device in this case may also have a tamper resistant function.

  Further, instead of the token module 200 of the present embodiment, the function of the token module 200 may be realized by a hard disk device (HDD) having a tamper resistant function. In this case, the hard disk device may be a portable external hard disk device or a removable built-in hard disk device that can freely change connection to the audit computer 100 and the verification computer. Further, the hard disk device may be configured to be connectable to a network so that it can be freely connected to the audit computer 100 and the verification computer via the network.

  With the hardware configuration as described above, the processing functions of the present embodiment can be realized. Although FIG. 2 shows only the hardware configuration of the audit computer 100, the verification computer can also be realized with the same hardware configuration.

  Next, in the first embodiment, a function that the falsification preventing program 110 implements in the auditing computer 100 in order to prevent falsification of the processing result by the audit program will be described.

  FIG. 3 is a block diagram illustrating functions of the auditing computer according to the first embodiment. The audit computer 100 uses an authentication information receiving unit 110a, a program signature receiving unit 110b, a program checking unit 110c, an input data receiving unit 110d, an audit program executing unit 110e, an output data transmitting unit 110g, and a time stamp by using a falsification preventing program 110. It functions as the output unit 110h.

  The authentication information receiving unit 110 a acquires authentication information 200 a stored in the token module 200 for authenticating the token module 200 from the token module 200. The authentication information 200a is information that is stored in a manner unique to or common to each token module 200 so that it cannot be illegally rewritten. The authentication information 200a may be configured more securely by dynamically changing it using a one-time password such as challenge and response authentication.

  The program signature receiving unit 110b is stored in the token module 200, and receives program signature information 200b obtained by applying an electronic signature to information related to the audit program 120f.

  Here, the information related to the audit program 120f is information that can identify the audit program 120f itself or the audit program 120f such as a hash value created from the audit program 120f using a hash function or the like. The same applies to information relating to input data 300 described later, information relating to output data 200g, and information indicating the calculation time of output data 200g calculated by execution of audit program 120f.

  The electronic signature is, for example, a message authentication code (MAC) generated by encrypting information related to the audit program 120f described above using a public key private key, and a public key public key. By decrypting using this, it is possible to verify whether the falsification has been made by making it possible to verify the presence or absence of falsification.

  The program confirmation unit 110c confirms the validity of the audit program 120f based on the program signature information 200b. The validity of the audit program 120f is confirmed in step S15 of the tampering prevention process (see FIG. 5) in step S14 of the program signature information 200b read from the token module 200 and in the tampering prevention process (see FIG. 5). The information related to the audit program 120f is compared with the electronic signature of the audit program 120f created by applying the same signature key as the signature key of the electronic signature used when creating the program signature information 200b. Is done by.

  As a result of this comparison, if they match, the audit program 120f is recognized as valid. On the other hand, if it does not match, the audit program 120f is not validated and there is a possibility that fraud has been performed. It will be. Here, the “signature key identical to the signature key used when creating the program signature information 200b” is stored in the token module 200 and is the signature key (KEVA 201k: see FIG. 4) of the program creation vendor. .

  The validity of the audit program 120f is confirmed by decrypting the program signature information 200b read from the token module 200 with the public key of the electronic signature and the hash function used when generating the program signature information 200b. It may be performed by comparing the information related to the audit program 120f obtained with the same hash function.

Also, the tampering prevention program 110 may be secured by an electronic signature in the same manner as the audit program 120f.
The input data receiving unit 110d receives input of input data 300 processed by the audit program 120f. The input data 300 is data for processing by the audit program 120f. Then, the input data receiving unit 110d transmits the received input data 300 to the token module 200. The transmitted input data 300 is stored as input data 200d in the token module 200. The input data 200d stored in the token module 200 is used for verifying that the processing result of the audit program 120f has not been tampered with by the verification computer 400, together with output data 200g and a time stamp 200h described later.

  Here, as described above, the token module 200 is a portable PC card having a tamper-resistant function, and protects data held therein from unauthorized access (reading and writing) and tampering.

  The audit program execution unit 110e instructs the audit computer 100 to execute the audit program 120f based on the input data 300. The audit program 120f is stored in the audit program storage unit 120. The audit program 120f corresponds to, for example, a structural calculation program.

  When the token module 200 is connected to the auditing computer 100, the audit program storage unit 120 reads the audit program 200f compressed and stored in the token module 200, and stores the read audit program 200f in the audit program. The program is expanded in the section 120 itself and stored as an audit program 120 f so as to be executable by the auditing computer 100.

  Here, the audit program 120f is a program that has been certified by a national institution such as the Minister of Land, Infrastructure, Transport and Tourism and can obtain correct output data if correct data is input unless the program has been tampered with. And

  Further, the falsification preventing program 110 is a program for transferring data to be input to the audit program 120f and acquiring or outputting data output from the audit program 120f. Further, the user who operates the auditing computer 100 is always designed to cause the auditing program 120f to execute processing via the falsification preventing program 110, and cannot be directly involved in the auditing program 120f.

  The audit program execution unit 110e instructs execution of the audit program 120f. Further, when instructing the execution of the audit program 120f, the audit program execution unit 110e reads the audit program 120f stored in the audit program storage unit 120 and causes the auditing computer 100 to execute it. Based on the execution instruction by the audit program execution unit 110e, the auditing computer 100 performs arithmetic processing on the input data 300 by the audit program 120f.

  Then, the audit program execution unit 110e acquires the operation result of the audit program 120f based on the input data 300 as output data. This output data is data to be verified that it has not been tampered with, and corresponds to, for example, a calculation result of a structural calculation.

  The output data transmission unit 110g transmits the output data acquired by the audit program execution unit 110e to the token module 200. The transmitted output data is stored in the token module 200 as output data 200g.

  The time stamp output unit 110h indicates information about the input data 200d, information about the output data 200g, information about the authentication information 200a, information about the program signature information 200b, and a calculation time of the output data 200g calculated by executing the audit program 120f. A time stamp is generated by applying an electronic signature to the information (see FIG. 4). Then, the time stamp output unit 110h transmits the generated time stamp to the token module 200. The transmitted time stamp is stored in the token module 200 as a time stamp 200h.

  That is, the time stamp output unit 110h generates a time stamp 200h by applying an electronic signature to the operation result data when applying an electronic signature to the operation result of the audit program 120f. Specifically, when the time stamp output unit 110h obtains the operation result of the audit program 120f such as the output data 200g, the time stamp output unit 110h applies an electronic signature to the data of the operation result and the like according to the data contents and the time at the time of the operation. A time stamp 200h is generated. Then, the time stamp output unit 110h stores the generated time stamp 200h in the token module 200 or the like. As a result, the verifier can check the tampering of the operation result to which the electronic signature is applied based on the time stamp 200h using the token module 200 and the verification computer 400.

Further, the time stamp output unit 110 h can output the time stamp 200 h to the printer 153. The time stamp 200h will be described in detail later with reference to FIG.
The verification computer 400 is a computer for the verifier to verify the validity of the calculation result by the audit program 120f. The verification computer 400 can legitimately read and write data stored in the tamper resistant token module 200.

  When the verifier verifies whether the calculation result by the audit program 120f attached to the structural calculation sheet is valid, the verifier uses the token module 200 connected to the audit computer 100 at the time of calculation. Connected to 400, the input data 200d, output data 200g, and time stamp 200h stored at the time of calculation are read, and the calculation result is verified.

  Specifically, the time stamp 200 h output from the printer 153 connected to the audit computer 100 and the time stamp read from the token module 200 connected to the verification computer 400 and displayed on the verification computer 400. Compare with 200h. If the result of the comparison is a match, the operation result by the audit program 120f is recognized as being valid, while if the result is not a match, the operation result by the audit program 120f is not recognized as being valid and an illegal operation is performed. It will be judged that there is a possibility that it has been broken.

Next, the time stamp of this embodiment will be described.
FIG. 4 is a diagram illustrating a data structure of a time stamp. The time stamp 201 is an example of the time stamp 200h generated by the time stamp output unit 110h after the calculation by the audit program 120f and stored in the token module 200.

  The time stamp is a mechanism or technique that gives accurate time information to electronic data, and performs data existence proof at that time and non-falsification proof of data after that time. For the time stamp, an electronic signature applied to a hash value of data, time information, and the like is usually used for existence proof and non-falsification proof. In this way, the reliability of the document content can be ensured using the time stamp.

  The time stamp 201 includes information in each column of the case number 201a, PID 201b, UID 201c, TIME 201d, DIx 201e, DMx 201f, DOx 201g, KU 201h, KEVA 201k, DSIGN 201m, and PSIGN 201p.

In the column of the case number 201a, a number set for each case for specifying a case to be processed by the audit program 120f is stored.
The column of PID 201b stores a program ID that is an identification symbol for identifying the audit program 120f.

  The column of the UID 201c stores a user ID that is an identification symbol for identifying a user who has performed an operation for generating the time stamp 201 using the falsification preventing program 110 and the audit program 120f.

In the TIME 201d column, the time when the calculation using the falsification preventing program 110 and the audit program 120f is completed and the time stamp 201 is generated is stored.
The DIx 201e column stores input data 300 input by the user. Here, “x” of “DIx” is a number assigned to distinguish each data when the input data 300 is composed of a plurality of data. For example, a natural number of 1 or more is appropriately set. Assigned.

For example, when the input data 300 is composed of three pieces of data, the three pieces of data are represented as “DI1”, “DI2”, and “DI3”, respectively.
In the column of DMx 201f, intermediate result data of processing by the audit program 120f is stored as necessary. Here, “x” of “DMx” is set to a number assigned to distinguish each data when the intermediate result of the processing by the audit program 120f is composed of a plurality of data, similarly to DIx201e. Is done.

  The column of DOx 201g stores output data 200g that is the final result of the processing by the audit program 120f. Here, “x” of “DMx” is set to a number assigned to distinguish each data when the output data 200g is composed of a plurality of data, like DIx 201e.

In the KU 201h column, the private key of the user's electronic signature is stored.
In the column of KEVA 201k, the private key of the electronic signature of the vendor that created the falsification prevention program is stored.

  In the column of DSIGN 201m, an electronic signature for the calculation processing result by the audit program 120f is stored. For example, the falsification prevention program 110 MAC-processes the case number 201a, PID 201b, UID 201c, TIME 201d, DIX 201e, and DOx 201g, and encrypts it with the user's private key KU 201h, thereby giving an electronic signature by the user Is. Thereby, it is possible to verify that the calculation result is generated by the user by the public key of the user's electronic signature and has not been tampered with.

  The electronic signature for the calculation processing result of DSIGN 201m will be described. First, the falsification prevention program 110 is data relating to the calculation of the audit program 120f of the present embodiment, for example, the case number 201a, PID 201b, UID 201c, TIME 201d, DIX 201e, DOx 201g and the like are concatenated into one message data. Next, the falsification preventing program 110 calculates a hash value using a specific hash function prepared in advance for the message data. The calculated hash value becomes the MAC of data related to the calculation of the audit program 120f. This hash function is prepared in advance by a verifier and stored in the token module 200. Note that the hash function may be acquired from other than the token module 200, for example, distributed in advance so that a user or a verifier can obtain it on the Internet.

  Then, the falsification preventing program 110 applies the private key (KU201h) of the user's electronic signature to the MAC that is the calculated hash value, and generates DSIGN 201m that is the electronic signature for the operation processing result. The generated digital signature of DSIGN 201m is stored in the secure token module 200 by the tamper resistant function as a part of the time stamp 201 by the falsification preventing program 110.

The verifier can verify the correctness of the operation result of the audit program 120f by using the electronic signature for the operation result of DSIGN 201m.
Specifically, the verifier uses the verification computer 400 to send a message from the data used for calculation of the hash value by the falsification prevention program 110 from the data stored in the token module 200. For example, the case number 201a, PID 201b, UID 201c, TIME 201d, DIx 201e, DOx 201g, and the like used for the data are connected to form message data. Then, a hash value is calculated from the message data thus obtained using the same hash function as the hash function used by the falsification preventing program 110. Similar to the falsification preventing program 110, the calculated hash value becomes the MAC of data related to the operation of the audit program 120f.

  Next, similarly to the falsification prevention program 110, the verification computer 400 applies the KU 201h, which is the private key of the user's electronic signature stored in the token module 200, to the MAC, which is the calculated hash value, An electronic signature for the operation processing result is generated.

  Then, the verification computer 400 compares the electronic signature for the arithmetic processing result generated by itself with the DSIGN 201m that is the electronic signature for the arithmetic processing result generated by the falsification prevention program 110 and stored in the token module 200.

  Here, if the data related to the operation processing result has been tampered with, the hash value obtained from the operation processing result changes, so the electronic signature changes. Therefore, if the comparison results match, it is recognized that the calculation processing result has not been falsified and is valid.

  Not limited to this, the verifier uses the verification computer 400 to correspond to the user's electronic signature private key (KU201h) with respect to the digital signature of the SIGN 201m included in the time stamp 201. And the operation processing result may be verified by decrypting the digital signature for the operation processing result of DSIGN 201m. In this case, the verification computer 400 compares the hash value of the message data related to the operation result of the audit program 120f obtained by decryption with the hash value calculated by the falsification prevention program 110 and stored in the token module 200. By doing so, the validity of the calculation processing result is verified.

  The column of PSIGN 201p stores the electronic signature of the audit program 120f itself. In this PSIGN 201p, for example, a falsification prevention program creation vendor performs MAC processing on the above-described PID 201b (program ID), data of a program module or source code, and the like. The digital signature is given by a program creation vendor by encrypting with a certain KEVA 201k. As a result, the electronic signature of the audit program 120f itself of the PSIGN 201p is directly compared or decrypted with the public key of the electronic signature of the program creation vendor, so that the audit program 120f is created by the program creation vendor, It is possible to verify that no tampering has occurred.

  The electronic signature of the audit program 120f of the PSIGN 201p itself will be described. First, in the program creation vendor that created the audit program 120f, the data related to the audit program 120f, for example, the program module or source code of the PID 201b or the audit program 120f On the other hand, a hash value is calculated using a specific hash function prepared in advance. The calculated hash value becomes the MAC of the audit program 120f itself. Here, since the calculation of the hash value is performed in the same manner as the digital signature for the operation processing result of DSIGN 201m, description thereof is omitted.

  In this embodiment, hash values such as the program modules and source codes of the PID 201b and the audit program 120f are used as the MAC of the audit program 120f itself. However, the present invention is not limited to this, and the calculation is performed without calculating the hash value. The PID 201b may be used as the MAC as it is instead of the hash value.

  Next, the private key (KEVA 201k) of the creation vendor's electronic signature is applied to the MAC that is the calculated hash value (or PID 201b), and PSIGN 201p that is the electronic signature of the audit program 120f itself is generated.

  The generated electronic signature of PSIGN 201p is stored in advance in a secure token module 200 by a verifier by a tamper-proof function, and constitutes a part of the time stamp 201.

  The tampering prevention program 110 can verify the legitimacy of the audit program 120f itself by the electronic signature of the audit program 120f itself of the PSIGN 201p. Further, the verifier can verify the validity of the audit program 120f itself by the electronic signature of the audit program 120f itself of the PSIGN 201p.

  In the present embodiment, the creation vendor generates an electronic signature of the PSIGN 201p audit program 120f itself, and the verifier stores it in the token module 200. However, the present invention is not limited to this. Each time, the electronic signature of the audit program 120f itself may be generated and stored in the token module 200.

  In this case, first, the hash value is calculated by the falsification preventing program 110 using a specific hash function prepared in advance for the data related to the audit program 120f, for example, the program module or source code of the PID 201b and the audit program 120f. Is done. However, the present invention is not limited thereto, and the hash value may not be calculated, and the PID 201b may be used as it is instead of the calculated hash value.

  Then, the private key (KEVA 201k) of the creation vendor's electronic signature is applied to the calculated hash value (or PID 201b) by the falsification prevention program 110, and the electronic program of the audit program 120f itself is separate from the electronic signature of the PSIGN 201p. A signature is generated. The newly generated electronic signature of the audit program 120f itself is stored in the secure token module 200 by the tamper resistant function as a part of the time stamp 201 by the falsification preventing program 110.

  The verifier can verify the legitimacy of the audit program 120f actually used for the arithmetic processing by the electronic signature of the audit program 120f itself generated by the falsification prevention program 110, which is different from the electronic signature of the PSIGN 201p. it can.

  It should be noted that the information on the case number 201a, PID 201b, UID 201c, TIME 201d, DIx 201e, DMx 201f, DOx 201g, KU 201h, KEVA 201k, DSIGN 201m, and PSIGN 201p is invalid in the token module 200 due to the tamper resistant function of the token module 200. Protected from access.

  As described above, the time stamp 200h generated by the time stamp output unit 110h after the calculation by the audit program 120f is completed is stored in the token module 200. When the calculation by the audit program 120f is completed, TIME 201d (generation time), DIx 201e (input data), DOx 201g (output data), and DSIGN 201m (electronic signature for the calculation processing result), which are part of the time stamp 200h, The data is output from the printer 153 connected to the auditing computer 100.

  The user of the falsification prevention program receiving verification of the calculation result of the audit program 120f prints out these data output from the printer 153, and further calculates the structure of the token module 200 connected to the audit computer 100 at the time of calculation. Attached to the document. The verifier who has received this information includes the TIME 201d, DIx 201e, DOx 201g, and SIGN 201m, which are part of the time stamp 200h output on the printout attached to the structural calculation, and the time stored in the token module 200. If the corresponding items in the stamp 200h are compared and matched, the calculation result is recognized as valid. On the other hand, if the comparison results do not match, the calculation result is not verified as valid and fraud It may have been done.

  In this embodiment, after executing the MAC process, an electronic signature using a public key method is applied. However, the present invention is not limited to this, and common to AES-MAC processes using AES (Advanced Encryption Standard) and the like. The validity of the calculation processing result of the audit program 120f may be verified using a key method. In this case, a common key stored in the token module 200 in advance is used.

  Specifically, first, the audit computer 100 encrypts data related to the operation processing result of the audit program 120f with a common key to generate a MAC. The generated MAC is stored in the token module 200. Next, the verification computer 400 encrypts the data related to the operation processing result of the audit program 120f stored in the token module 200 with the common key to generate the MAC. Then, the verification computer 400 performs message authentication by comparing the MAC generated by the auditing computer 100 with the MAC generated by the verification computer 400.

Next, the entire procedure of the tampering prevention process will be described.
5 and 6 are flowcharts showing the procedure of the tampering prevention process. In the following, the process illustrated in FIGS. 5 and 6 will be described in order of step number.

  The verifier who verifies the processing result of the audit program 120f provides the token module 200 in which the audit program 120f is stored to the user of the auditing computer 100 who makes an application.

  The user of the auditing computer 100 receives them for each application, and the auditing computer 100 executes arithmetic processing by the falsification preventing program 110 and the auditing program 120f.

  Here, the verifier stores the authentication information 200a and the electronic signature of the audit program 120f to be used in the token module 200 in advance. Thereby, unauthorized access to the token module 200 is prevented. The authentication information 200a needs to be determined so as not to be known to a user or an external person by, for example, a developer or verifier of the falsification prevention program 110. In the present embodiment, the authentication information 200a is stored in the token module 200 in advance by the verification computer 400 on the authentication information input screen 401 (see FIG. 9) displayed by the verification computer 400.

In the present embodiment, when the token module 200 is connected to the auditing computer 100, the auditing computer 100 automatically starts a falsification preventing process.
[Step S11] The authentication information receiving unit 110a acquires the authentication information 200a stored in the token module 200. The authentication information 200a is information uniquely assigned to each token module 200 in order to identify the token module 200 and to ensure the validity of the token module 200. The audit computer 100 is permitted to use the audit program 120f only after the validity of the authentication information 200a is confirmed.

  [Step S12] The authentication information receiving unit 110a determines whether or not the token module 200 is valid based on the authentication information 200a acquired in step S11. If the authentication information receiving unit 110a can authenticate that the token module 200 is valid, the authentication information reception unit 110a proceeds to step S13.

  [Step S <b> 13] The audit program storage unit 120 reads the compressed audit program 200 f from the token module 200 and expands it into an audit program 120 f that can be executed by the auditing computer 100.

[Step S14] The program confirmation unit 110c creates an electronic signature of the audit program 120f from the audit program 120f expanded in step S13.
[Step S15] The program signature receiving unit 110b reads program signature information 200b, which is signature information of the audit program 120f stored in the token module 200 in advance.

  [Step S16] The program confirmation unit 110c compares the electronic signature of the audit program 120f created in step S14 with the program signature information 200b read in step S15, and determines whether or not they match. If the electronic signature and the program signature information 200b match, the program confirmation unit 110c advances the process to step S17. If not matched, the program confirmation unit 110c ends the process.

  [Step S17] The input data receiving unit 110d displays a data input screen 142 (see FIG. 10) for inputting the input data 300 on the monitor 140, and inputs the input data 300 to the user of the falsification preventing program 110. Request.

  [Step S18] The input data receiving unit 110d receives the input data 300 input by the user of the falsification preventing program 110 using an input device such as the keyboard 151, and advances the processing to step S21 (FIG. 6).

  [Step S21] The audit program execution unit 110e executes an audit program execution process. This audit program execution process is a process for executing the audit program 120f stored in the audit program storage unit 120, and will be described in detail later with reference to FIG.

  [Step S22] Whether the output data acquired as a result of the execution of the audit program 120f in step S21 satisfies an expected condition such as sufficient strength if the output data is a structural calculation program, for example. Judge whether or not. The audit program execution unit 110e advances the process to step S23 if the output data satisfies the condition, and ends the process if the condition does not satisfy the condition.

  [Step S23] The input data receiving unit 110d transmits the input data 300 input by the user to the token module 200, and stores the transmitted input data 300 in the token module 200 as the input data 200d.

  [Step S24] The output data transmission unit 110g transmits the output data acquired by the arithmetic processing of the audit program 120f to the token module 200, and stores the transmitted output data in the token module 200 as the output data 200g.

[Step S25] The time stamp output unit 110h creates a time stamp 200h.
Specifically, the falsification prevention program 110 concatenates, for example, the case number 201a, PID 201b, UID 201c, TIME 201d, DIX 201e, DOx 201g, etc., which are data related to the calculation of the audit program 120f, into one message data. Next, the falsification preventing program 110 calculates a hash value using a specific hash function prepared in advance for the message data. Next, the falsification preventing program 110 applies KU 201h, which is the private key of the user's electronic signature, to the calculated hash value, and generates DSIGN 201m, which is the electronic signature for the operation processing result.

Then, the falsification preventing program 110 generates the time stamp 201 (see FIG. 4) including the generated digital signature DSIGN 201m.
[Step S26] The time stamp output unit 110h transmits the time stamp 201 created in step S25 to the token module 200, and stores the transmitted time stamp 201 in the token module 200 as the time stamp 200h.

  [Step S27] The time stamp output unit 110h outputs the output data 200g acquired in step S21 and a predetermined part of the time stamp 200h created in step S25 to the printer 153, and the output data 200g and the time stamp 200h are predetermined. Print out a part.

By such falsification prevention processing, the correctness of the calculation result of the audit program 120f is ensured, and the falsification of the calculation result can be prevented.
Next, the audit program execution process executed in step S21 of the falsification prevention process (FIGS. 5 and 6) will be described in detail.

FIG. 7 is a flowchart showing the procedure of the audit program execution process. In the following, the process illustrated in FIG. 7 will be described in order of step number.
[Step S31] The audit program execution unit 110e activates the audit program 120f stored in the audit program storage unit 120.

[Step S32] The audit program execution unit 110e inputs the input data 300 to the audit program 120f and executes the calculation.
[Step S33] The audit program execution unit 110e acquires the operation result of the audit program 120f calculated in step S32, and sets it as output data 200g.

By such an audit program execution process, the calculation by the audit program 120f is performed, and the calculation result of the audit program 120f is acquired.
The user of the auditing computer 100 submits to the verifier the token module 200 storing the output result obtained by the printer 153 obtained by performing the falsification preventing process and the obtained data.

Next, the verification process executed by the verification computer 400 will be described in detail.
FIG. 8 is a flowchart showing the procedure of the verification process. In this verification process, the verification computer 400 displays the calculation result in order to verify the calculation result of the audit program 120f acquired by the falsification prevention process (FIGS. 5 and 6) and the audit program execution process (FIG. 7). It is processing. In the present embodiment, when the token module 200 is connected to the verification computer 400, the verification computer 400 automatically starts an inspection process. In the following, the process illustrated in FIG. 8 will be described in order of step number.

[Step S41] The verification computer 400 acquires the authentication information 200a stored in the token module 200.
[Step S42] The verification computer 400 determines whether or not the token module 200 is valid based on the authentication information 200a acquired in step S41. If the verification computer 400 can authenticate that the token module 200 is valid, the verification computer 400 proceeds to step S43. On the other hand, if the verification module 400 cannot authenticate that the token module 200 is valid, the processing ends.

  [Step S43] The verification computer 400 receives an input of a display request from the verifier and determines whether or not a time stamp display request is made by the verifier. If the time stamp display request has been made, the verification computer 400 proceeds to step S44. If the time stamp display request has not been made, the verification computer 400 proceeds to step S45.

  [Step S44] The verification computer 400 displays the time stamp display screen 403 (see FIG. 11) on the display screen (not shown) of the verification computer 400 in response to the time stamp display request from the verifier in step S43. Then, the process proceeds to step S49 by the display end operation.

  [Step S45] The verification computer 400 receives an input of a display request from the verifier and determines whether or not a display request for the input data 200d is made by the verifier. If the display request for the input data 200d has been made, the verification computer 400 proceeds to step S46. If the display request for the input data 200d has not been made, the verification computer 400 proceeds to step S47.

  [Step S46] The verification computer 400 displays the input data display screen 404 (see FIG. 12) on the display screen (not shown) of the verification computer 400 in response to the display request of the input data 200d by the verifier in step S45. And it progresses to step S49 by display end operation.

  [Step S47] The verification computer 400 receives an input of a display request from the verifier and determines whether or not a display request for the output data 200g is made by the verifier. If the display request for the output data 200g has been made, the verification computer 400 proceeds to step S48, whereas if the display request for the output data 200g has not been made, the verification computer 400 proceeds to step S49.

  [Step S48] The verification computer 400 displays the output data display screen 405 (see FIG. 13) on the display screen (not shown) of the verification computer 400 in response to the display request of the output data 200g by the verifier in step S47. And it progresses to step S49 by display end operation.

  [Step S49] The verification computer 400 receives an input as to whether or not to continue displaying each display screen by the verifier, and determines whether or not to continue the verification process based on this input. The verification computer 400 proceeds to step S43 when continuing the verification process, and ends the process when ending the verification process.

  By such verification processing, the verification computer 400 displays the input data, output data, and time stamp by the audit program 120f executed by the auditing computer 100. Thus, information such as input data, output data, and time stamp displayed on the verification computer 400 is confirmed, or each information displayed on the verification computer 400 and the structural calculation document submitted to the verifier are displayed. The validity of the calculation result of the audit program 120f can be verified against the description items and the contents of the attached printout.

Next, examples of screens displayed on the audit computer 100 and the verification computer 400 are shown.
FIG. 9 is a diagram illustrating an example of an authentication information input screen displayed on the verification computer. When the verifier inputs the authentication information 200a to the verification computer 400 in order to store the authentication information 200a that can identify the token module 200 in advance for the token module 200 connected to the auditing computer 100, the verification computer An authentication information input screen 401 as shown in the figure is displayed on a monitor 400 (not shown).

  The authentication information input screen 401 is provided with an authentication information input field 401 a for inputting authentication information 200 a stored in the token module 200. The verifier inputs the authentication information 200a through the authentication information input field 401a. The input authentication information 200a enables the stored token module 200 to be authenticated.

  On the authentication information input screen 401, after the input of the authentication information 200a is completed, the authentication information input screen 401 is terminated and the authentication information input confirmation for starting the process of storing the authentication information 200a in the token module 200 is confirmed. A button 401b is provided. The verifier verifies the input contents of the authentication information 200a by the authentication information input confirmation button 401b. The authentication information 200a is stored in the token module 200 by the verification computer 400.

The authentication information 200 a stored in the token module 200 is protected from unauthorized reading / writing and tampering by the tamper resistance function of the token module 200.
FIG. 10 is a diagram illustrating an example of a data input screen displayed on the audit computer. When the user of the falsification preventing program 110 inputs the input data 300 to be processed by the audit program 120f to the audit computer 100, the monitor 140 connected to the audit computer 100 has a data input screen as shown in the figure. 142 is displayed.

  The data input screen 142 is provided with a data input unit 142a for inputting the input data 300 that is processed by the audit program 120f. The user of the falsification preventing program 110 inputs the input data 300 through the data input unit 142a. The input data 300 that has been input is input to the audit program 120f. Then, as a result of the arithmetic processing by the audit program 120f, output data 200g is acquired. The input data 300 is transmitted to the token module 200 and stored as input data 200d.

  The data input screen 142 is provided with an input data confirmation button 142b for confirming the input data 300 after the input of the input data 300 is completed and ending the data input screen 142. With the input data confirmation button 142b, the user confirms the input content of the input data 300. The input data 300 is input to the audit program 120 f by the audit computer 100 and stored in the token module 200.

  Like the authentication information 200a, the input data 300 stored in the token module 200 is protected from unauthorized reading / writing and tampering by the tamper resistance function of the token module 200.

  FIG. 11 is a diagram illustrating an example of a time stamp display screen displayed on the verification computer. For the time stamp 200h that guarantees the validity of the output data 200g obtained as a result of the calculation by the auditing computer 100, the time stored in the token module 200 by the verifier in the verification computer 400 for verification of the calculation result. When a display request for displaying the stamp 200h is made, a time stamp display screen 403 as shown in the figure is displayed on a monitor (not shown) of the verification computer 400.

The time stamp display screen 403 displays time information 403a included in the time stamp 200h stored in the token module 200.
Further, the time stamp display screen 403 is provided with a time stamp confirmation button 403b for ending the time stamp display screen 403 after the verifier confirms the time information 403a.

  The verifier checks the time information 403a displayed on the verification computer 400, and further checks the time information 403a displayed on the verification computer 400 and the auditing computer 100 attached to the structural calculation sheet. The validity of the data related to the operation result of the audit program 120f stored in the token module 200 can be verified by checking the time information included in the time stamp 200h output by the connected printer 153.

  FIG. 12 is a diagram illustrating an example of an input data display screen displayed on the verification computer. In order to verify the validity of the input data 300 input by the user of the falsification preventing program 110, the verifier makes a display request to display the input data 200d stored in the token module 200 on the verification computer 400. At this time, an input data display screen 404 as shown in the figure is displayed on a monitor (not shown) of the verification computer 400.

The input data display screen 404 is provided with an input data display unit 404a for displaying the input data 200d stored in the token module 200.
The input data display screen 404 is provided with an input data confirmation button 404b for ending the input data display screen 404 after the verifier confirms the input data 200d.

  The verifier confirms the input data 200d displayed on the verification computer 400, and further inputs the input data 200d displayed on the verification computer 400 and the auditing computer 100 attached to the structural calculation sheet. The validity of the input data 200d input to the audit program 120f can be verified by checking the input data 200d output by the connected printer 153.

  FIG. 13 is a diagram illustrating an example of an output data display screen displayed on the verification computer. In order to verify the validity of the output data 200g output by the arithmetic processing of the audit program 120f based on the input data 300 input by the user, the verifier is stored in the verification computer 400 in the token module 200. When a display request for displaying the output data 200g is made, an output data display screen 405 as shown in the figure is displayed on a monitor (not shown) of the verification computer 400.

The output data display screen 405 is provided with an output data display unit 405a for displaying output data 200g stored in the token module 200.
The output data display screen 405 is provided with an output data confirmation button 405b for ending the output data display screen 405 after the verifier confirms the output data 200g.

  The verifier checks the output data 200g displayed on the verification computer 400, and further outputs the output data 200g displayed on the verification computer 400 and the auditing computer 100 attached to the structural calculation sheet. The validity of the output data 200g acquired from the audit program 120f can be verified by checking the output data 200g output by the connected printer 153.

  As described above, in the first embodiment, information related to the input data 300, information related to the output data 200g, information related to the authentication information 200a, information related to the program signature information 200b, and output data calculated by executing the audit program 120f. An electronic signature is automatically applied to information indicating the calculation time of 200 g (see FIG. 4), and this is further stored in the token module 200 having a tamper resistant function. The data to which the electronic signature is applied can be verified by the verification computer 400.

  As a result, an electronic signature is automatically applied after the arithmetic processing, so that an audit signature can be re-created from the input data and output data, and the audit signature stored in advance in the token module 200 can be verified. For this reason, it becomes difficult to produce the calculation result and to replace the output data based on the input data different from the original input data. In addition, even if the input data and output data are tampered with, it is possible to detect tampering with the electronic signature, and therefore it is possible to prevent these frauds related to the output data. Further, the tamper resistance function of the token module 200 makes it difficult to tamper with the operation results stored in the token module 200 after the output.

  Further, since the legitimacy of the program itself is ensured by providing the information related to the falsification prevention program 110 itself with an electronic signature, the audit program 120f is a certified program, and the program has been tampered with. Unless correct data is input, correct output data can be obtained. Therefore, it is easy to detect fraud due to alteration of the program by the electronic signature for the audit program 120f, and to prevent such fraud. Can do.

As described above, according to the first embodiment, it is possible to prevent falsification of the calculation result of the data audit program 120f.
[Second Embodiment]
Next, a second embodiment will be described in detail with reference to the drawings. Differences from the first embodiment will be mainly described, and description of similar matters will be omitted.

  The falsification preventing program according to the second embodiment prevents falsification of the processing result by the audit program, similarly to the falsification preventing program according to the first embodiment. Here, the tampering prevention program of the second embodiment uses an audit server connected to the network in place of the token module of the first embodiment, as well as an audit computer, a verification computer, and The difference is that audit servers are connected via a network.

  In the second embodiment, the user of the audit program that makes an application submits the calculation result output from the printer connected to the audit computer to the supervisory authority by attaching it to the structural calculation sheet. By comparing the calculation result and the data stored in the audit server using a verification computer, the validity of the calculation result can be determined. Note that data on the network is encrypted.

  FIG. 14 is a diagram illustrating a system configuration example according to the second embodiment. In the network system according to the second embodiment, an audit computer 100, a verification computer 400, and an audit server 2200 are connected via a network 500.

  As in the first embodiment, the auditing computer 100 is a computer that functions to prevent falsification of processing results by the auditing program 120f by the falsification preventing program 110.

As in the first embodiment, the verification computer 400 is a computer for the verifier to verify the validity of the calculation result by the audit program 120f.
The audit server 2200 is a computer for storing the calculation result by the audit program 120f calculated by the audit computer 100 and data for verifying the validity of the calculation result. The audit server 2200 can store data to be transmitted to the audit computer 100 and data transmitted from the audit computer 100. The audit server 2200 has taken countermeasures against unauthorized access, and can protect data held therein from unauthorized access (reading and writing) and tampering.

  The audit server 2200 stores data transmitted from the audit computer 100 in response to a legitimate request from the audit computer 100 connected via the network 500, and stores the stored data in the audit computer 100. Send to. Further, the audit server 2200 transmits the stored data to the verification computer 400 connected via the network 500 to the verification computer 400.

  With the hardware configuration as described above, the processing functions of the present embodiment can be realized. Although the hardware configuration of the audit server 2200 is omitted, it can be realized with the same hardware configuration as the audit computer 100 described in FIG. 2 of the first embodiment.

  Here, the auditing computer 100 and the verification computer 400 can communicate with each other via the network 500 by the communication interface of both computers (see the communication interface 107 in FIG. 2). The same applies between the auditing computer 100 and the auditing server 2200 and between the verification computer 400 and the auditing server 2200.

  Next, in the second embodiment, a function that the tampering prevention program 110 implements in the auditing computer 100 to prevent tampering of the processing result by the auditing program 120f will be described.

  FIG. 15 is a block diagram illustrating functions of the auditing computer according to the second embodiment. As in the first embodiment, the audit computer 100 uses the authentication information receiving unit 110a, the program signature receiving unit 110b, the program checking unit 110c, the input data receiving unit 110d, and the audit program executing unit 110e by the falsification preventing program 110. , Function as an output data transmission unit 110g and a time stamp output unit 110h.

  The authentication information reception unit 110 a is stored in the audit server 2200 and acquires authentication information 2200 a for authenticating the audit server 2200 from the audit server 2200. This authentication information 2200a is information stored in the audit server 2200 so that it cannot be rewritten illegally. As in the first embodiment, the authentication information 2200a may be dynamically changed using a one-time password such as challenge / response authentication to be configured more securely.

  The program signature accepting unit 110b accepts program signature information 2200b that is stored in the audit server 2200 and has an electronic signature applied to information related to the audit program 120f.

  As in the first embodiment, the program confirmation unit 110c confirms the validity of the audit program 120f based on the program signature information 2200b. As in the first embodiment, the validity of the audit program 120f is confirmed by the program signature information 2200b read from the audit server 2200 in step S15 of the falsification prevention process (see FIG. 5) and falsification prevention. In step S14 of the process (see FIG. 5), the information related to the audit program 120f is created by applying the same signature key as the signature key of the electronic signature used when creating the above-mentioned program signature information 2200b. This is done by comparing the electronic signature of the audit program 120f.

  As in the first embodiment, if the comparison results in a match, the audit program 120f is recognized as valid, whereas if it does not match, the audit program 120f is not verified as valid. There is a possibility of fraud. Here, the “signature key that is the same as the signature key used when creating the program signature information 2200b” is stored in the audit server 2200, and is similar to the first embodiment of the program creation vendor. This is a signature key (KEVA 201K: see FIG. 4).

  The validity of the audit program 120f is confirmed by decrypting the program signature information 2200b read from the audit server 2200 with the public key of the electronic signature and the hash used when generating the program signature information 2200b. You may carry out by comparing with the information regarding the audit program 120f calculated | required with the same hash function as the function.

  The input data receiving unit 110d receives an input of the input data 300 processed by the audit program 120f, as in the first embodiment. Then, the input data receiving unit 110d transmits the received input data 300 to the audit server 2200. The transmitted input data 300 is stored in the audit server 2200 as input data 2200d. The input data 2200d stored in the audit server 2200, together with output data 2200g and time stamp 2200h described later, are tampered with the processing result of the audit program 120f by the verification computer 400, as in the first embodiment. Used to verify that it has not been done.

  Here, as described above, the audit server 2200 has taken countermeasures against unauthorized access, and protects data held therein from unauthorized access (reading and writing) and tampering.

  The audit program execution unit 110e instructs the audit computer 100 to execute the audit program 120f based on the input data 300, as in the first embodiment. The audit program 120f is stored in the audit program storage unit 120.

  When the audit server 2200 is connected to the audit computer 100 according to a user instruction of the audit computer 100, the audit program storage unit 120 is compressed into the audit server 2200 as in the first embodiment. The stored audit program 2200f is read, and the read audit program 2200f is expanded in the audit program storage unit 120 itself and stored as an audit program 120f so as to be executable by the auditing computer 100.

  The audit program execution unit 110e instructs the execution of the audit program 120f as in the first embodiment. Further, when instructing the execution of the audit program 120f, the audit program execution unit 110e reads the audit program 120f stored in the audit program storage unit 120 and causes the auditing computer 100 to execute it. Based on the execution instruction by the audit program execution unit 110e, the auditing computer 100 performs arithmetic processing on the input data 300 by the audit program 120f.

  And the audit program execution part 110e acquires the operation result of the audit program 120f based on the input data 300 as output data similarly to 1st Embodiment. This output data is data to be verified that it has not been tampered with.

  The output data transmission unit 110g transmits the output data acquired by the audit program execution unit 110e to the audit server 2200. The transmitted output data is stored in the audit server 2200 as output data 2200g.

  Similar to the first embodiment, the time stamp output unit 110h is calculated by executing the information related to the input data 300, the information related to the output data 2200g, the information related to the authentication information 2200a, the information related to the program signature information 2200b, and the audit program 120f. A time stamp is generated by applying an electronic signature to information indicating the calculation time of the output data 2200g. Then, the time stamp output unit 110h transmits the generated time stamp to the audit server 2200. The transmitted time stamp is stored in the audit server 2200 as a time stamp 2200h. In addition, the time stamp output unit 110 h can output the time stamp 2200 h to the printer 153.

  The verification computer 400 is a computer for the verifier to verify the validity of the calculation result by the audit program 120f. The verification computer 400 can legitimately read and write data stored in the audit server 2200 with countermeasures against unauthorized access.

  When the verifier verifies whether the calculation result by the audit program 120f is valid, the verification server 2200 connected to the verification computer 400 via the network 500 using the verification computer 400. Then, the input data 2200d, the output data 2200g, and the time stamp 2200h stored at the time of the calculation are read out, and the calculation result is verified as in the first embodiment.

  Here, the authentication information 2200a, the program signature information 2200b, the input data 2200d, the audit program 2200f, the output data 2200g, and the time stamp 2200h of the present embodiment are the authentication information 200a and the program signature information of the first embodiment, respectively. 200b, input data 200d, audit program 200f, output data 200g, and time stamp 200h.

  In this embodiment, the audit computer 100 that executes the falsification prevention program 110 generates a time stamp. However, the present invention is not limited to this, and a time stamp authentication (not shown) installed in a time stamp authentication center provided outside the computer is not limited thereto. A time stamp authenticating computer other than the auditing computer 100, such as a computer, may generate the time stamp. In this case, the audit computer 100, the verification computer 400, the audit server 2200, and the time stamp authentication computer are connected by the network 500.

  In the second embodiment, in addition to the first embodiment, the audit computer 100, the verification computer 400, and the audit server 2200 are connected by the network 500. Therefore, the second embodiment is the same as the first embodiment. Thus, there is no need to reconnect the token module 200 between the audit computer 100 and the verification computer 400 or carry the token module 200. Furthermore, from audit to verification can be processed in a short period of time via the network 500.

[Third Embodiment]
Next, a third embodiment will be described in detail with reference to the drawings. Differences from the first embodiment will be mainly described, and description of similar matters will be omitted.

  The falsification preventing program according to the third embodiment prevents falsification of processing results by the audit program, similarly to the falsification preventing program according to the first embodiment. Here, the falsification preventing program according to the third embodiment does not use the token module 200 according to the first embodiment, but uses the token module 200 according to the first embodiment using an audit file that has been provided with countermeasures against unauthorized access. The difference is that the same function is realized.

  In the third embodiment, the audit program 120f and the falsification prevention program 110 are installed, and the input data, the calculation result, and the information stored in the token module 200 in the first embodiment are written in the audit file. After the computer 100 is lent out and the calculation process is completed, the audit computer 100 is submitted to the verifier.

  In order to prevent falsification, the audit file is subjected to data encryption processing and signature processing such as encryption with a password. In addition, the auditing computer 100 lent to the user is subjected to strong security processing such as network blockage and access control. Here, the audit computer 100 may be a notebook personal computer so as to be convenient for transportation between the user and the verifier.

  Next, in the third embodiment, a function that the tampering prevention program 110 implements in the auditing computer 100 to prevent tampering of the processing result by the auditing program 120f will be described.

  FIG. 16 is a block diagram illustrating functions of the auditing computer according to the third embodiment. As in the first embodiment, the audit computer 100 uses the authentication information receiving unit 110a, the program signature receiving unit 110b, the program checking unit 110c, the input data receiving unit 110d, and the audit program executing unit 110e by the falsification preventing program 110. , Function as an output data transmission unit 110g and a time stamp output unit 110h.

  The authentication information receiving unit 110 a acquires authentication information 3200 a stored in the audit file 3200 for authenticating the audit file 3200 from the audit file 3200. This authentication information 3200a is information stored in the audit file 3200 so that it cannot be rewritten illegally. Note that the authentication information 3200a may be configured to be more secure by dynamically changing it using a one-time password such as challenge-response authentication, as in the first embodiment.

  The program signature accepting unit 110b accepts program signature information 3200b that is stored in the audit file 3200 and has an electronic signature applied to information related to the audit program 120f.

  As in the first embodiment, the program confirmation unit 110c confirms the validity of the audit program 120f based on the program signature information 3200b. As in the first embodiment, the validity of the audit program 120f is confirmed by the program signature information 3200b read from the audit file 3200 in step S15 of the falsification prevention process (see FIG. 5) and falsification prevention. In step S14 of the process (see FIG. 5), the information related to the audit program 120f is created by applying the same signature key as the signature key of the electronic signature used when creating the aforementioned program signature information 3200b. This is done by comparing the electronic signature of the audit program 120f.

  As in the first embodiment, if the comparison results in a match, the audit program 120f is recognized as valid, whereas if it does not match, the audit program 120f is not verified as valid. There is a possibility of fraud. Here, the “signature key that is the same as the signature key used when creating the program signature information 3200b” is stored in the audit file 3200, and is similar to that of the first embodiment. This is a signature key (KEVA 201K: see FIG. 4).

  The validity of the audit program 120f is confirmed by decrypting the program signature information 3200b read from the audit file 3200 with the public key of the electronic signature and the hash used when generating the program signature information 3200b. You may carry out by comparing with the information regarding the audit program 120f calculated | required with the same hash function as the function.

  The input data receiving unit 110d receives an input of the input data 300 processed by the audit program 120f, as in the first embodiment. Then, the input data receiving unit 110d transmits the received input data 300 to the audit file 3200. The transmitted input data 300 is stored as input data 3200d in the audit file 3200. The input data 3200d stored in the audit file 3200, together with output data 3200g and a time stamp 3200h to be described later, are tampered with the processing result of the audit program 120f by the verification computer 400, as in the first embodiment. Used to verify that it has not been done.

  Here, as described above, the audit file 3200 is provided with countermeasures against unauthorized access, and protects data held therein from unauthorized access (reading and writing) and tampering.

  The audit program execution unit 110e instructs the audit computer 100 to execute the audit program 120f based on the input data 300, as in the first embodiment. The audit program 120f is stored in the audit program storage unit 120.

  The audit program storage unit 120 reads and reads the audit program 3200f stored in the audit file 3200 after being compressed in accordance with a user instruction of the audit computer 100, as in the first embodiment. The audit program 3200f is expanded in the audit program storage unit 120 itself and stored as an audit program 120f so as to be executable by the auditing computer 100.

  The audit program execution unit 110e instructs the execution of the audit program 120f as in the first embodiment. Further, when instructing the execution of the audit program 120f, the audit program execution unit 110e reads the audit program 120f stored in the audit program storage unit 120 and causes the auditing computer 100 to execute it. Based on the execution instruction by the audit program execution unit 110e, the auditing computer 100 performs arithmetic processing on the input data 300 by the audit program 120f.

  And the audit program execution part 110e acquires the operation result of the audit program 120f based on the input data 300 as output data 3200g similarly to 1st Embodiment. This output data 3200g is data to be verified that it has not been tampered with.

  The output data transmission unit 110g transmits the output data acquired by the audit program execution unit 110e to the audit file 3200. The transmitted output data is stored in the audit file 3200 as output data 3200g.

  Similar to the first embodiment, the time stamp output unit 110h is calculated by executing the information related to the input data 300, the information related to the output data 3200g, the information related to the authentication information 3200a, the information related to the program signature information 3200b, and the audit program 120f. A time stamp is generated by applying an electronic signature to information indicating the calculation time of the output data 3200g. Then, the time stamp output unit 110h transmits the generated time stamp to the audit file 3200. The transmitted time stamp is stored in the audit file 3200 as a time stamp 3200h. The time stamp output unit 110h can output the time stamp 3200h to the printer 153.

  The verification computer 400 is a computer for the verifier to verify the validity of the calculation result by the audit program 120f. The verification computer 400 can legitimately read and write data stored in the audit file 3200 in which measures against unauthorized access are taken.

  When the verifier verifies whether the calculation result by the audit program 120f is valid, the verification file 400 is connected to the verification computer 400 via the network 500 using the verification computer 400. Then, the input data 3200d, the output data 3200g, and the time stamp 3200h stored at the time of calculation are read out, and the calculation result is verified in the same manner as in the first embodiment.

  Here, the authentication information 3200a, the program signature information 3200b, the input data 3200d, the audit program 3200f, the output data 3200g, and the time stamp 3200h of the present embodiment are the authentication information 200a and the program signature information of the first embodiment, respectively. 200b, input data 200d, audit program 200f, output data 200g, and time stamp 200h.

In the third embodiment, functions equivalent to those in the first embodiment can be realized only by software without using a hardware device such as the token module 200.
The above processing functions can be realized by a computer. In this case, a program describing the processing contents of the functions that should be possessed by the audit computer, the verification computer, and the audit server is provided. By executing the program on a computer, the above processing functions are realized on the computer. The program describing the processing contents can be recorded on a computer-readable recording medium. Examples of the computer-readable recording medium include a magnetic recording device, an optical disk, a magneto-optical recording medium, and a semiconductor memory. Examples of the magnetic recording device include a hard disk device (HDD), a flexible disk (FD), and a magnetic tape. Optical disks include DVD (Digital Versatile Disc), DVD-RAM, CD-ROM (Compact Disc Read Only Memory), CD-R (Recordable) / RW (ReWritable), and the like. Magneto-optical recording media include MO (Magneto-Optical disk).

  When distributing the program, for example, a portable recording medium such as a DVD or a CD-ROM in which the program is recorded is sold. It is also possible to store the program in a storage device of a server computer and transfer the program from the server computer to another computer via a network.

  The computer that executes the program stores, for example, the program recorded on the portable recording medium or the program transferred from the server computer in its own storage device. Then, the computer reads the program from its own storage device and executes processing according to the program. The computer can also read the program directly from the portable recording medium and execute processing according to the program. In addition, each time the program is transferred from the server computer, the computer can sequentially execute processing according to the received program.

  The present invention is not limited to the above-described embodiment, and various modifications can be made without departing from the gist of the present invention.

It is a figure which shows the outline | summary of invention. It is a figure which shows the hardware structural example of the computer for an audit. It is a block diagram which shows the function of the computer for auditing of 1st Embodiment. It is a figure which shows the data structure of a time stamp. It is a flowchart (first half) which shows the procedure of a tampering prevention process. It is a flowchart (second half) which shows the procedure of a tampering prevention process. It is a flowchart which shows the procedure of an audit program execution process. It is a flowchart which shows the procedure of a verification process. It is a figure which shows the example of the authentication information input screen displayed on the computer for verification. It is a figure which shows the example of the data input screen displayed on the computer for an audit. It is a figure which shows the example of the time stamp display screen displayed on the computer for verification. It is a figure which shows the example of the input data display screen displayed on the computer for verification. It is a figure which shows the example of the output data display screen displayed on the computer for verification. It is a figure which shows the system configuration example of 2nd Embodiment. It is a block diagram which shows the function of the computer for auditing of 2nd Embodiment. It is a block diagram which shows the function of the computer for auditing of 3rd Embodiment.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 Computer 2 Information storage means 2a Input data 2c Output data 2d Audit signature information 3 Input data 4 Computer 4a Verification means 11 Tampering prevention program 11a Input data reception means 11b Arithmetic program execution means 11c Output data transmission means 11d Audit signature information output means 12 Arithmetic program

Claims (10)

In a falsification prevention program for causing a computer to execute processing for preventing falsification of processing results by an arithmetic program,
The computer,
Input data receiving means for receiving input data to be processed by the arithmetic program and transmitting the received input data to the information storage means;
An arithmetic program executing means for instructing the computer to execute the arithmetic program based on the input data, and acquiring the arithmetic result of the arithmetic program as output data;
Output data transmission means for transmitting the output data acquired by the arithmetic program execution means to the information storage means;
Audit signature information output means for generating audit signature information obtained by applying an electronic signature to information related to the input data and information related to the output data, and transmitting the generated audit signature information to the information storage means;
Anti-tamper program characterized by functioning as Arithmetic program signature receiving means, which is stored in the information storage means, and obtains arithmetic program signature information obtained by applying an electronic signature to information relating to the arithmetic program from the information storage means,
Calculation program confirmation means for confirming the validity of the calculation program based on the calculation program signature information;
The falsification preventing program according to claim 1, wherein The arithmetic program is stored in the information storage means,
Said computer further
Program acquisition means for acquiring the arithmetic program from the information storage means;
Storage means for storing the arithmetic program acquired by the arithmetic program acquisition means;
Function as
2. The falsification preventing program according to claim 1, wherein the arithmetic program executing means further causes the computer to read out and execute the arithmetic program from the storage means when instructing execution of the arithmetic program.   3. The audit signature information output unit generates audit signature information obtained by applying an electronic signature to information related to the input data, information related to the output data, and information related to the operation program signature information. Anti-tamper program.   2. The falsification preventing program according to claim 1, wherein said computer further causes said information storage means to function as authentication information receiving means for receiving authentication information for authenticating said information storage means.   The audit signature information obtained by applying an electronic signature to the information related to the input data, the information related to the output data, and the information indicating the calculation time of the output data calculated by executing the arithmetic program is generated. 1. The falsification prevention program according to 1. In the falsification prevention device that prevents falsification of the processing result by the arithmetic program,
Input data receiving means for receiving input data processed by the arithmetic program and transmitting the received input data to the information storage means;
An arithmetic program executing means for executing the arithmetic program based on the input data and acquiring an arithmetic result of the arithmetic program as output data;
Output data transmission means for transmitting the output data acquired by the arithmetic program execution means to the information storage means;
Audit signature information output means for generating audit signature information obtained by applying an electronic signature to information relating to the output data and information relating to the input data, and transmitting the generated audit signature information to the information storage means;
A tamper-proof device characterized by comprising: In a falsification prevention system that prevents falsification of processing results by a computation program,
Information storage means capable of storing information;
Input data receiving means for receiving input data processed by the arithmetic program and transmitting the received input data to the information storage means;
An arithmetic program executing means for executing the arithmetic program based on the input data and acquiring an arithmetic result of the arithmetic program as output data;
Output data transmission means for transmitting the output data acquired by the arithmetic program execution means to the information storage means;
Audit signature information output means for generating audit signature information obtained by applying an electronic signature to information relating to the input data and information relating to the output data, and transmitting the generated audit signature information to the information storage means;
A tamper-proof system characterized by comprising: A tamper-proof device comprising: the input data receiving unit; the arithmetic program executing unit; the output data transmitting unit; and the audit signature information output unit.
The information storage means is an external server;
9. The falsification preventing system according to claim 8, wherein the falsification preventing apparatus and the external server are connected by an electric communication line. In a falsification preventing method by a computer that prevents falsification of a processing result by an arithmetic program,
Receiving input of input data processed by the arithmetic program;
The received input data is transmitted to an information storage means capable of storing information, the computer is instructed to execute the operation program based on the input data, the operation result of the operation program is obtained as output data, and the operation The output data acquired by executing the program is transmitted to the information storage unit, and the audit signature information obtained by applying an electronic signature to the information related to the output data and the information related to the input data is generated. Transmitting to the information storage means;
A tamper-proof method comprising:

Images