JP2014207607A - Altered data restoration system, altered data restoration method, and program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To accurately calculate an evidence property information residual ratio.SOLUTION: Data is stored in a first storage part 23. A converted value generation part 221 generates a row direction converted value Cy[n] and a column direction converted value Cx[n][m]. A first verification information generation part 222 generates a row direction first verification information y[n] and a column direction first verification information x[m]. A second verification information generation part 223 generates a row direction second verification information y'[n] and a column direction second verification information x'[m]. A verification part 25 specifies each altered portion of the data using the row direction first verification information y[n], the column direction first verification information x[m], the row direction second verification information y'[n], and the column direction second verification information x'[m]. A restoration part verifies, for each specified altered portion, whether a row direction restored value Ey[n][m] generated using the row direction converted value Cy[n] matches a column direction restored value Ex[n][m] generated using the column direction converted value Cx[n][m].

Description

  The present invention relates to security technology. In particular, the present invention relates to a technique for detecting forgery, deletion, falsification, and the like of data used in a system, correcting errors in the falsified data, and improving evidence.

  In an enterprise information system, medical system (EHR: Electric Health Record), logistics management system, etc., it is output from the system in order to objectively evaluate whether the system is operating correctly by analyzing the data collected from the system. Collecting data is playing an important role.

  For this reason, changing or falsifying data collected from the system is a serious threat to the operation of the system. Therefore, ensuring the integrity of the collected data is an important issue.

  Since the data output from the system is generated in large quantities in real time one after another, there is a need for technology that can reliably detect data changes or alterations when the data output from the system is changed or altered. ing.

  Data output from the system includes, for example, log information. In order to prevent falsification and deletion of log information and to detect them, methods of encrypting the log information itself and saving the log information itself to a plurality of media are used.

  However, today, log information is generated one after another in large quantities in real time, so this method is inefficient, it is possible to detect falsification of the log information, and the amount of information is efficient and has high evidence There is a need for a method for restoring log information.

  For example, in Patent Document 1, a hash chain using a link hash is generated in the row direction from log information, and this is used to detect forgery, deletion, falsification, etc. of data, and evidence of the data that has been falsified. A certain place is specified.

International Publication No. 2008/026238 Pamphlet

  However, since the technique described in Patent Document 1 uses a hash chain only in the row direction, if the number of tampered portions increases, the non-tampered portion included in the row direction is detected as an extra tampered portion. As a result, a large error occurs in the evidence information remaining rate. Here, the evidence information remaining rate is the amount of information remaining when reliable information remains among the tampered information.

  An object of the present invention is to provide a data falsification restoration technique capable of accurately calculating the evidence information remaining rate.

  In order to solve the above problems, a data falsification / restoration system according to an aspect of the present invention is configured such that N and M are predetermined integers of 2 or more, n = 1,..., N, m = 1,. , Using a first storage unit for storing data composed of N × M data blocks divided into N rows × M columns, and row direction conversion using M data blocks in the nth row of data A conversion value generation unit that generates a value Cy [n] and generates a column-direction conversion value Cx [n] [m] using the data block of the mth column of the nth row of data, and the nth row of the data Generate first row verification information y [n] using M data blocks, and generate first column verification information x [m] using N data blocks in the m-th column of data. A verification information generator, a row direction conversion value Cy [n], a column direction conversion value Cx [n] [m], a row direction first verification information y [n], and a column direction first verification information x [m] Read from the first storage unit and the second storage unit The second direction verification information y ′ [n] is generated using the M data blocks in the nth row of the data, and the N data blocks in the mth column of the data read from the first storage unit are used. A second verification information generation unit that generates column direction second verification information x ′ [m], row direction first verification information y ′ [n] and column direction first verification information x [ a verification unit that identifies a data falsification point by verifying whether m] matches each of the row direction second verification information y ′ [n] and the column direction second verification information x ′ [m] For each of the tampered locations, the row direction restoration value Ey [n] [m] obtained by restoring the data block of the mth column of the nth row using the row direction transformation value Cy [n] is the column direction transformation value Cx [ and a restoration unit that verifies whether or not the column-direction restoration value Ex [n] [m], which is obtained by restoring the data block of the mth column of the nth row using n] [m], is included.

  According to the data falsification and restoration technique of the present invention, the evidence information remaining rate can be accurately calculated by specifying and restoring the falsified portion of the falsified data.

The figure which illustrates the function structure of a data alteration restoration system. The figure which illustrates the processing flow of the data falsification restoration method. The figure which illustrates the production | generation method of the conversion value of row direction, and verification information. The figure which illustrates the conversion value of column direction, and the production | generation method of verification information. The figure which illustrates the production | generation method of verification intersection information and integrated verification information. The figure which illustrates the processing flow which specifies the alteration location of a line direction. The figure which illustrates the processing flow which identifies the alteration location of a column direction. The figure which illustrates the identification method of the falsification location of data. The figure which illustrates the identification method of the falsification location of data.

  Hereinafter, embodiments of the present invention will be described in detail. In addition, the same number is attached | subjected to the component which has the same function in drawing, and duplication description is abbreviate | omitted.

[Embodiment]
With reference to FIG. 1, an example of a functional configuration of the data falsification restoration system of the embodiment will be described. The data alteration / restoration system includes a data generation unit 1 and a data processing device 2, and further includes a TSA server 32 in this example. The data processing device 2 includes a data collection unit 21, a verification information generation unit 22, a first storage unit 23, a second storage unit 24, a verification unit 25, and a restoration unit 26, and further includes a TSA client unit 31 in this example. The verification information generation unit 22 further includes a conversion value generation unit 221, a first verification information generation unit 222, and a second verification information generation unit 223. The TSA client unit 31 and the TSA server 32 constitute a time information adding unit 3. TSA is an abbreviation for Time Stamping Authority, and is a time certificate authority in the time stamp authentication protocol.

  With reference to FIG. 2, an operation example of data falsification restoration processing executed by the data falsification restoration system will be described in the order of procedures actually performed.

  The data generation unit 1 generates data to be subjected to data falsification restoration processing (step S1). The data generation unit 1 and the data processing device 2 are connected by the Internet, Ethernet (registered trademark), a dedicated line, a system bus, etc., and data generated by the data generation unit 1 is transmitted to the data processing device 2. . The data generation unit 1 is, for example, a log server. The data generation unit 1 may be an information terminal such as a PC, a mobile phone, or a smartphone.

  The data collection unit 21 of the data processing device 2 stores the data received from the data generation unit 1 in the first storage unit 23 via the verification information generation unit 22 (step S21). Of course, the data collection unit 21 may directly store the data received from the data generation unit 1 in the first storage unit 23 without using the verification information generation unit 22.

  The data stored in the first storage unit 23 is divided into N rows × M columns, where N and M are predetermined integers of 2 or more, n = 1,..., N, m = 1,. Is composed of N × M data blocks. The data length of the data block can be designed to an arbitrary size in consideration of the nature of the data to be processed.

  The conversion value generation unit 221 of the verification information generation unit 22 generates the row direction conversion value Cy [n] using the M data blocks in the n-th row of the data received from the data generation unit 1, and the data generation unit 1 The column direction conversion value Cx [n] [m] is generated using the data block of the mth column of the nth row of the data received from (Step S221).

  First, the conversion value generation unit 221 generates a random number I having the same size as the data length in the row direction of the data, as shown in FIG. The conversion value generation unit 221 may generate the random number I at random one by one, or may select the random number I according to a predetermined rule from a plurality of values generated in advance and stored in a storage unit such as a memory. Good.

  The conversion value generation unit 221 generates the row direction conversion value Cy [1] by calculating the exclusive OR of the random number I and the M data blocks in the first row of data, and the row direction conversion value Cy [ 1] and M data blocks in the second row of data are calculated to generate a row direction conversion value Cy [2], and so on, and ..., row direction conversion value Cy [N-1 ] And M data blocks in the Nth row of data are calculated to generate a row direction conversion value Cy [N].

  Next, as shown in FIG. 4, the conversion value generation unit 221 generates N random numbers I [1],..., I [N] having the same size as the data length of the data block. The conversion value generation unit 221 may generate N random numbers I [1],..., I [N] at random one by one, or a plurality of conversion values generated in advance and stored in any storage unit N random numbers I [1],..., I [N] may be selected from the values according to a predetermined rule.

  The conversion value generation unit 221 generates a column direction conversion value Cx [1] [1] by calculating an exclusive OR of the random number I [1] and the data block in the first column of the first row of data. The column direction conversion value Cx [1] [2] is generated by calculating the exclusive OR of the column direction conversion value Cx [1] [1] and the data block in the second column of the first row of data. , ..., the column direction conversion value Cx [1] [M-1] and the column direction conversion value Cx [1] are calculated by calculating the exclusive OR of the data block of the Mth column of the first row of data. Generate [M].

  Similarly, the conversion value generation unit 221 calculates the exclusive OR of the random number I [n] and the data block in the first column of the nth row of data for m = 2,. The conversion value Cx [n] [1] is generated, and the column direction is calculated by calculating the exclusive OR of the column direction conversion value Cx [n] [1] and the data block in the second column of the nth row of data. A converted value Cx [n] [2] is generated, and an exclusive OR of the column direction converted value Cx [n] [M-1] and the data block of the Mth column of the nth row of data is obtained. The column direction conversion value Cx [n] [M] is generated by calculation.

  The conversion value generation unit 221 stores the generated row direction conversion value Cy [n] and column direction conversion value Cx [n] [m] in the second storage unit.

  The first verification information generation unit 222 of the verification information generation unit 22 generates row direction first verification information y [n] using M data blocks in the nth row of data received from the data generation unit 1, Column direction first verification information x [m] is generated using the N data blocks in the m-th column of the data received from the data generation unit 1 (step S222).

  First, the first verification information generation unit 222 generates row direction first verification information y [1] using M data blocks in the first row of data, as shown in FIG. The first row verification information y [2] is generated using the M data blocks of the eye, and the first row verification information y [2] is generated using the M data blocks of the Nth row of data. N] is generated.

  For example, the first verification information generation unit 222 uses n as an integer of n = 1,..., N, and outputs an output value when M data blocks in the n-th row of data are input to a predetermined first function. The row direction first verification information y [n] is used. The first function is, for example, a hash function or a function that multiplies a number input.

  In this example, the first verification information generation unit 222 further uses the generated row direction first verification information y [n] (n = 1,..., N) to perform row direction first verification intersection information Hy [n]. (N = 2,..., N) are generated, and the integrated row direction first verification information Hy is generated using these.

  As illustrated in FIG. 3, the first verification information generation unit 222 uses the row direction first verification information y [1] and the row direction first verification information y [2] to perform row direction first verification intersection information Hy [2 ], And the row direction first verification intersection information Hy [3] is generated using the row direction first verification intersection information Hy [2] and the row direction first verification information y [3]. The row direction first verification intersection information Hy [N] is generated using the direction first verification intersection information Hy [N-1] and the row direction first verification information y [N]. Then, integrated row direction first verification information Hy is generated using the generated row direction first verification intersection information Hy [n] (n = 2,..., N).

  For example, the first verification information generation unit 222 sets the row direction first verification intersection information Hy [n−1] and the row direction first verification information y [n], where n is an integer of n = 1,. The output value when input to a predetermined second function is defined as row direction first verification intersection information Hy [n]. Then, the first verification information generation unit 222, for example, outputs the output value when the row direction first verification intersection information Hy [n] (n = 2,..., N) is input to the predetermined third function as the integrated row direction. The first verification information Hy is assumed. The second function is, for example, a hash function or a function that multiplies a number input. The third function is, for example, a hash function or a function that multiplies a plurality of inputs.

  Next, as shown in FIG. 4, the first verification information generation unit 222 generates column direction first verification information x [1] using N data blocks in the first column of data, Column-direction first verification information x [2] is generated using N data blocks in the column, and so on ... Column-direction first verification information x using N data blocks in the M-th column of data Generate [M].

  For example, the first verification information generation unit 222 sets m as integers of m = 1,..., M, and outputs an output value when N data blocks in the m-th column of data are input to a predetermined fourth function. The column direction first verification information x [m] is assumed. The fourth function is, for example, a hash function or a function that multiplies a number input.

  In this example, the first verification information generation unit 222 further uses the column direction first verification information x [m] (m = 1,..., M) to generate column direction first verification intersection information Hx [m]. (M = 2,..., M) is generated, and integrated column direction first verification information Hx is generated.

  As illustrated in FIG. 4, the first verification information generation unit 222 uses the column direction first verification information x [1] and the column direction first verification information x [2] to perform column direction first verification intersection information Hx [2 The column direction first verification intersection information Hx [3] is generated using the column direction first verification intersection information Hx [2] and the column direction first verification information x [3]. The column direction first verification intersection information Hx [M] is generated using the direction first verification intersection information Hx [M-1] and the column direction first verification information x [M]. Then, the integrated column direction first verification information Hx is generated using the generated column direction first verification intersection information Hx [m] (m = 2,..., M).

  For example, the first verification information generation unit 222 sets the column direction first verification intersection information Hx [m−1] and the column direction first verification information x [m], where m is an integer of m = 1,. The output value when input to the predetermined fifth function is the column direction first verification intersection information Hx [m]. Then, the first verification information generation unit 222, for example, outputs the output value when the column direction first verification intersection information Hx [m] (m = 2,..., M) is input to the predetermined sixth function. The first verification information is Hx. The fifth function is, for example, a hash function or a function that multiplies a number input. The sixth function is, for example, a hash function or a function that multiplies a plurality of inputs.

  Finally, the first verification information generation unit 222 generates integrated first verification information Hroot using the generated integrated row direction first verification information Hy and integrated column direction first verification information Hx.

  For example, the first verification information generation unit 222 sets the output value when the integrated row direction first verification information Hy and the integrated column direction first verification information Hx are input to the predetermined seventh function as the integrated first position verification information Hroot. . The seventh function is, for example, a hash function or a function that multiplies a number input.

  In FIG. 5, the first verification information generation unit 222 performs row direction first verification information y [n], row direction first verification intersection information Hy [n], integrated row direction first verification information Hy, column direction first verification. A specific example of generating information x [m], column direction first verification intersection information Hx [m], integrated column direction first verification information Hx, and integrated first verification information Hroot is shown. In this example, the data is composed of N × M data blocks divided into N rows × M columns, where h is an arbitrary hash function, and n is an integer of n = 1,..., N. , M is an integer of m = 1,..., M, the data block of the mth column of the data n is D [n] [m], and the M data blocks of the nth row of data are Dy [n] = {D [n] [1], D [n] [2], ..., D [n] [M]}, and the N data blocks in the m-th column of data are Dx [m] = Let {D [1] [m], D [2] [m], ..., D [N] [m]}. The first verification information generation unit 222 obtains the row direction first verification information y [n] as y [n] = h (Dy [n]), and obtains the row direction first verification intersection information Hy [n] as Hy. [n] = h (Hy [n-1] | Hy [n]) is obtained, and the integrated row direction first verification information Hy is set as the (N-1) th row direction first verification intersection information Hy [N]. Further, the column direction first verification information x [m] is obtained as x [m] = h (Dx [m]), and the column direction first verification intersection information Hx [m] is determined as Hx [m] = h (Hx [m-1] | Hx [m]), and the integrated column direction first verification information Hx is set as the (M-1) th column direction first verification intersection information Hx [M]. Then, the integrated first verification information Hroot is obtained as Hroot = h (Hy | Hx). Here, “| (pipe symbol)” is an operator representing a concatenation operation.

  The first verification information generation unit 222 generates the generated first row direction verification information y [n], first column direction verification information x [m], first row direction verification intersection information Hy [n], first column direction verification. The intersection information Hx [m], integrated row direction first verification information Hy, integrated column direction first verification information Hx, and integrated first verification information Hroot are stored in the second storage unit. The integrated first verification information Hroot is transmitted to the TSA client unit 31.

  The TSA client unit 31 generates a time stamp request (TSA request) including the integrated first verification information Hroot, and transmits it to the TSA server 32 (step S31).

  The TSA server 32 adds time information to the integrated first verification information Hroot included in the received TSA request, signs the first verification information Hroot with the time information added with the private key of the TSA server 32, and sets the time A stamp response (TSA response) is generated. The TSA server 32 transmits the generated TSA response to the TSA client unit 31 (step S32).

  The TSA client unit 31 receives the TSA response and stores it in the second storage unit 24.

  A detailed procedure for transmitting and receiving a TSA request and a TSA response between the TSA client unit 31 and the TSA server 32 is, for example, ““ Internet X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) ”, [online], [2013]. April 3, 2009], Internet <URL: http://www.ietf.org/rfc/rfc3161.txt> (reference document 1) ”.

  Hereinafter, a method for detecting a falsified portion of data stored in the first storage unit 23 will be described.

  The second verification information generation unit 223 of the verification information generation unit 22 uses the M data blocks in the nth row of the data read from the first storage unit 23 at an arbitrary timing to perform the row direction second verification information y ′. [n] is generated, and column direction second verification information x ′ [m] is generated using the N data blocks in the m-th column of the data read from the first storage unit 23 (step S223).

  Arbitrary timing is, for example, (1) a fixed time when a certain arbitrary time has elapsed, (2) a quantitative case where a certain amount of data is accumulated, and (3) an intrusion to the system from the outside. When detected, (4) when the owner of data access right logs in / out of the system, (5) when the system administrator logs in / out of the system, etc.

  First, the second verification information generation unit 223 generates row direction second verification information y ′ [1] using M data blocks in the first row of data, and M data in the second row of data. Generate row direction second verification information y '[2] using a block, ..., generate row direction second verification information y' [N] using M data blocks in the Nth row of data To do.

  For example, the second verification information generation unit 223 sets an output value when M data blocks in the n-th row of data are input to the first function, where n is an integer of n = 1,. The row direction second verification information y ′ [n] is used.

  In this example, the second verification information generation unit 223 further uses the generated row direction second verification information y ′ [n] (n = 1,..., N) to perform row direction second verification intersection information H′y. [n] (n = 2,..., N) is generated, and the integrated row direction second verification information H′y is generated using these.

  The second verification information generation unit 223 generates row direction second verification intersection information H′y [2] using the row direction second verification information y ′ [1] and the row direction second verification information y ′ [2]. Then, using the row direction second verification intersection information H′y [2] and the row direction second verification information y ′ [3], the row direction second verification intersection information H′y [3] is generated, and so on. The row direction second verification intersection information H′y [N] is generated using the row direction second verification intersection information H′y [N−1] and the row direction second verification intersection information y ′ [N]. Then, the integrated row direction second verification information H′y is generated using the generated row direction second verification intersection information H′y [n] (n = 2,..., N).

  For example, the second verification information generation unit 223 sets n as integers of n = 1,..., N, and the row direction second verification intersection information H′y [n−1] and the row direction second verification information y ′ [ The output value when n] is input to the second function is the row direction second verification intersection information H′y [n]. Then, the second verification information generation unit 223, for example, integrates the output values when the row direction second verification intersection information H′y [n] (n = 2,..., N) is input to the above third function. The row direction second verification information is H'y.

  Next, the second verification information generation unit 223 generates column direction second verification information x ′ [1] using the N data blocks in the first column of data, and generates N pieces of data in the second column of data. The column direction second verification information x ′ [2] is generated using the data block, and the column direction second verification information x ′ [M] is generated using the N data blocks in the Mth column of the data. Generate.

  For example, the second verification information generation unit 223 sets m as integers of m = 1,..., M, and outputs an output value when N data blocks in the m-th column of data are input to the above fourth function. The column direction second verification information x ′ [m] is assumed.

  In this example, the second verification information generation unit 223 further uses the generated column direction second verification information x ′ [m] (m = 1,..., M) to generate column direction second verification intersection information H′x. [m] (m = 2,..., M) is generated, and integrated column direction second verification information H′x is generated.

  The second verification information generation unit 223 generates column direction second verification intersection information H′x [2] using the column direction second verification information x ′ [1] and the column direction second verification information x ′ [2]. Then, column-direction second verification intersection information H′x [3] is generated using the column-direction second verification intersection information H′x [2] and the column-direction second verification information x ′ [3], and so on. The column direction second verification intersection information H′x [M] is generated using the column direction second verification intersection information H′x [M−1] and the column direction second verification intersection information x ′ [M]. Then, the generated column direction second verification intersection information H′x [m] (m = 2,..., M) is used to generate integrated column direction second verification information H′x.

  For example, the second verification information generation unit 223 sets the column direction second verification intersection information Hx [m−1] and the column direction second verification information x [m], where m is an integer of m = 1,. The output value when input to the fifth function is the column direction second verification intersection information H′x [m]. Then, for example, the second verification information generation unit 223 integrates output values when the column direction second verification intersection information H′x [m] (m = 2,..., M) is input to a predetermined sixth function. The column direction second verification information H′x.

  Finally, the second verification information generation unit 223 generates integrated second verification information H′root using the generated integrated row direction second verification information H′y and integrated column direction second verification information H′x.

  For example, the second verification information generation unit 223 integrates the output values when the integrated row direction second verification information H′y and the integrated column direction second verification information H′x are input to the seventh function described above. Information H'root.

  Row direction second verification information y ′ [n], column direction second verification information x ′ [m], row direction second verification intersection information Hy ′ [n], column direction second verification intersection information x ′ [ m], integrated row direction second verification information H′y, integrated column direction second verification information H′x, and integrated second verification information H′root are transmitted to the verification unit 25.

  In addition, the TSA client unit 31 decrypts the TSA response read from the second storage unit 24 using the public key of the TSA server 32, and generates integrated first verification information Hroot. The generated integrated first verification information Hroot is transmitted to the verification unit 25.

  In this example, the verification unit 25 first verifies whether the integrated first verification information Hroot generated by the TSA client unit 31 matches the integrated second verification information H′root generated by the second verification information generation unit 223. (Step S25 in FIG. 2, Step y1 in FIG. 6, Step x1 in FIG. 7). If the integrated first verification information Hroot matches the integrated second verification information H'root, the data exists at the time indicated by the time information obtained when the TSA request is decoded, and the data has been falsified. Proven not. If the integrated first verification information Hroot does not match the integrated second verification information H'root, it is proved that the data has been changed or altered. In this case, the verification unit 25 detects the alteration of the data in the row direction and the alteration of the data in the column direction, which will be described below.

  Hereinafter, detection of falsification of data in the row direction will be described with reference to FIG.

  The verification unit 25 verifies whether the integrated first verification information Hroot matches the integrated second verification information H′root (step y1). If the integrated first verification information Hroot does not coincide with the integrated second verification information H'root, the integrated verification information Hy that has been read from the second storage unit 24 is generated by the second verification information generation unit 223. It is verified whether or not the integrated row direction second verification information H′y matches (step y2).

  Although the integrated first verification information Hroot does not match the integrated second verification information H'root, the integrated row direction first verification information Hy matches the integrated row direction second verification information H'y. There is no design. If the integrated row direction first verification information Hy matches the integrated row direction second verification information H'y, it is considered that a problem has occurred in the system, so an error is raised to the system user ( Step y3). As a means for raising an error to the system user, a known method such as displaying an alarm on the GUI screen may be used.

  If the integrated row direction first verification information Hy does not match the integrated row direction second verification information H′y, the process proceeds to step y4.

  The verification unit 25 verifies whether or not the row direction first verification information y [N] matches the row direction second verification information y ′ [N] (step y4). If they do not match, the verification unit 25 stores the comparison result (step y5).

  The verification unit 25 verifies whether or not the row direction first verification intersection information Hy [N-1] matches the row direction second verification intersection information H'y [N-1] (step y6). If they match, it indicates that the subsequent data has not been tampered with, and therefore the process of detecting tampering in the row direction is terminated. If they do not match, it is verified whether or not the row direction first verification information y [N-1] matches the row direction second verification information y '[N-1] (step y7). If they do not match, the verification unit 25 stores the comparison result (step y8).

  Similarly, the verification unit 25 determines whether or not the row direction first verification intersection information Hy [n] matches the row direction second verification intersection information H′y [n] for n = N−2,. To verify. When the row direction first verification intersection information Hy [n] matches the row direction second verification intersection information H′y [n], the processing for detecting the row direction alteration is terminated. When the row direction first verification intersection information Hy [n] does not match the row direction second verification intersection information H'y [n], the row direction first verification information y [n] is further changed to the row direction second verification information. It is verified whether or not the information y ′ [n] matches. If the first verification information y [n] in the row direction does not match the second verification information y ′ [n] in the row direction, the verification unit 25 stores the comparison result.

  In this way, the verification unit 25 uses the row direction second verification information y ′ [n] generated by the second verification information generation unit 223 as the row direction first verification information y [n] read from the second storage unit 24. ] Is verified.

  Hereinafter, detection of alteration of data in the column direction will be described with reference to FIG.

  The verification unit 25 verifies whether the integrated first verification information Hroot matches the integrated second verification information H′root (step x1). If the integrated first verification information Hroot does not match the integrated second verification information H′root, the second verification information generation unit 223 generates the integrated column direction first verification information Hx read from the second storage unit 24. It is verified whether or not it matches the integrated column direction second verification information H′x (step x2).

  The integrated column direction first verification information Hx matches the integrated column direction second verification information H'x even though the integrated first verification information Hroot does not match the integrated second verification information H'root. There is no design. If the integrated column direction first verification information Hx matches the integrated column direction second verification information H′x, it is considered that a problem or the like has occurred in the system, so an error is given to the system user ( Step x3).

  If the integrated column direction first verification information Hx does not match the integrated column direction second verification information H′x, the process proceeds to step x4.

  The verification unit 25 verifies whether the column direction first verification information x [M] matches the column direction second verification information x ′ [M] (step x4). If they do not match, the verification unit 25 stores the comparison result (step x5).

  The verification unit 25 verifies whether or not the column direction first verification intersection information Hx [M-1] matches the column direction second verification intersection information H′x [M−1] (step x6). If they match, it means that the subsequent data has not been tampered with, and therefore the processing for detecting tampering in the column direction is terminated. If they do not match, it is verified whether the column direction first verification information x [M-1] matches the column direction second verification information x '[M-1] (step x7). If they do not match, the verification unit 25 stores the comparison result (step y8).

  Similarly, the verification unit 25 determines whether or not the column direction first verification intersection information Hx [m] matches the column direction second verification intersection information Hx ′ [m] for m = M−2,. Validate. If the column direction first verification intersection information Hx [m] matches the column direction second verification intersection information H′x [m], the processing for detecting the column direction alteration is terminated. If the column direction first verification intersection information Hx [m] does not match the column direction second verification intersection information H′x [m], the column direction first verification information x [m] is further determined by the column direction second verification. It is verified whether or not it matches information x '[m]. If the column direction first verification information x [m] does not match the column direction second verification information x ′ [m], the verification unit 25 stores the comparison result.

  In this way, the verification unit 25 uses the column direction second verification information x ′ [m] generated by the second verification information generation unit 223 as the column direction first verification information x [m] read from the second storage unit 24. ] Is verified. A verification result that is a set of comparison results of each verification information is transmitted to the restoration unit 26.

  The restoration unit 26 determines whether the row direction restoration value restored from the row direction transformation value matches the column direction restoration value restored from the column direction transformation value for each portion where the data may be falsified based on the verification result. Whether or not is verified (step S26).

  For example, the restoration unit 26 assumes that the verification result may indicate that the data block of the mth column of the nth row has been tampered with, and the row direction conversion value Cy [n-1] and the row direction conversion value A row-direction restoration value Ey [n] [m] is generated by calculating an exclusive OR with Cy [n], and a column-direction conversion value Cx [n] [m-1] and a column-direction conversion value Cx [ The column direction restoration value Ex [n] [m] is generated by calculating exclusive OR with n] [m]. At this time, if there is a possibility that the data block of the (m-1) th row and the mth column is falsified, or if there is a possibility that the data block of the (m-1) th row is falsified, First, it is necessary to restore the data block of the (m-1) th row and the mth column or the data block of the (m-1) th row. Therefore, when the verification result indicates that a plurality of data blocks have been falsified, it is only necessary to restore the data blocks in order from the data block having the smallest values of n and m.

  The restoration unit 26 verifies whether or not the generated row direction restoration value Ey [n] [m] matches the column direction conversion value Cx [n] [m]. If they match, the data block is falsified. As a result, the data block of the mth column of the nth row is updated with the column direction conversion value Cx [n] [m] or the column direction restoration value Ex [n] [m]. If they do not match, it means that the data block was not actually altered, so the data block in the mth column of the nth row is restored.

  Similarly, the restoration unit 26 restores the data block using the row direction conversion value and the column direction conversion value for all the data blocks in which the possibility that the data is falsified from the verification result, and the data Verify whether the block was actually tampered with.

  Hereinafter, the reason why the evidence information remaining rate can be accurately calculated by the processing of the restoration unit 26 will be described.

  The restoration unit 26 can specify a location where the data may be falsified based on the verification result generated by the verification unit 25. For example, as shown in FIG. 8, if y [5] ≠ y ′ [5] and x [4] = x ′ [4], and other portions match, the fourth column of the fifth row It can be seen that the data block has been tampered with or changed. Also, for example, as shown in FIG. 9, y [2] ≠ y ′ [2] and y [4] ≠ y ′ [4] and x [2] = x ′ [2] and x [5] = x If it is' [5] and matches otherwise, the data block in the second row, the second column, the data block in the second row, the data column in the fourth column, the data block in the second row in the second row, and 5 It can be seen that the data block in the fourth column of the row may have been altered or changed.

At this time, when a plurality of data blocks are falsified, it is not possible to specify only the part where the falsification has actually been performed. Specifically, when i data blocks have been tampered with, i ² data blocks are identified as tampered locations. For example, in the example of FIG. 9, if only two data blocks of the second row of data blocks in the second row and the data block of the fourth column in the fifth row surrounded by a thick line are falsified, The data block in the 4th column of the 2nd row and the data block in the 2nd column of the 5th row surrounded by a chain line will be specified as having been possibly altered even though they have not actually been altered. . As a result, the evidence information remaining rate indicating the ratio of reliable information among the altered information is calculated to be lower than actual.

  By confirming the restored values using the row-direction conversion value Cy [n] and the column-direction conversion value Cx [n] [m] for each of the falsification points specified by the restoration unit 26, only the portions that have been actually falsified Can be identified as an altered data block. Thereby, the number of data blocks that have been tampered with can be grasped more accurately. Therefore, it is possible to accurately calculate the evidence information remaining rate.

[Program, recording medium]
The present invention is not limited to the above-described embodiment, and it goes without saying that modifications can be made as appropriate without departing from the spirit of the present invention. The various processes described in the above-described embodiments are not only executed in time series according to the order described, but may be executed in parallel or individually as required by the processing capability of the apparatus that executes the processes.

  When various processing functions in each device described in the above embodiment are realized by a computer, the processing contents of the functions that each device should have are described by a program. Then, by executing this program on a computer, various processing functions in each of the above devices are realized on the computer.

  The program describing the processing contents can be recorded on a computer-readable recording medium. As the computer-readable recording medium, for example, any recording medium such as a magnetic recording device, an optical disk, a magneto-optical recording medium, and a semiconductor memory may be used.

  The program is distributed by selling, transferring, or lending a portable recording medium such as a DVD or CD-ROM in which the program is recorded. Furthermore, the program may be distributed by storing the program in a storage device of the server computer and transferring the program from the server computer to another computer via a network.

  A computer that executes such a program first stores, for example, a program recorded on a portable recording medium or a program transferred from a server computer in its own storage device. When executing the process, the computer reads a program stored in its own recording medium and executes a process according to the read program. As another execution form of the program, the computer may directly read the program from a portable recording medium and execute processing according to the program, and the program is transferred from the server computer to the computer. Each time, the processing according to the received program may be executed sequentially. Also, the program is not transferred from the server computer to the computer, and the above-described processing is executed by a so-called ASP (Application Service Provider) type service that realizes the processing function only by the execution instruction and result acquisition. It is good. Note that the program in this embodiment includes information that is used for processing by an electronic computer and that conforms to the program (data that is not a direct command to the computer but has a property that defines the processing of the computer).

  In this embodiment, the present apparatus is configured by executing a predetermined program on a computer. However, at least a part of these processing contents may be realized by hardware.

DESCRIPTION OF SYMBOLS 1 Data generation part 2 Data processing apparatus 21 Data collection part 221 Conversion value generation part 222 First verification information generation part 223 Second verification information generation part 22 Verification information generation part 23 First storage part 24 Second storage part 25 Verification part 26 Restoration unit 3 Time information addition unit 31 TSA client unit 32 TSA server

Claims (7)

N, M is a predetermined integer of 2 or more, n = 1,..., N, m = 1,..., M, and is composed of N × M data blocks divided into N rows × M columns A first storage unit for storing the stored data;
A row-direction conversion value Cy [n] is generated using M data blocks in the n-th row of the data, and a column-direction conversion value Cx [n is generated using a data block in the m-th column of the n-th row. ] a conversion value generation unit for generating [m],
First direction information y [n] is generated using M data blocks in the nth row of the data, and first direction verification information is generated using N data blocks in the mth column of the data. a first verification information generation unit for generating x [m];
The row direction conversion value Cy [n], the column direction conversion value Cx [n] [m], the row direction first verification information y [n], and the column direction first verification information x [m] are stored. A second storage unit;
The row direction second verification information y ′ [n] is generated using the M data blocks in the n-th row of the data read from the first storage unit, and the m-th column of the data read from the first storage unit A second verification information generation unit that generates column direction second verification information x ′ [m] using the N data blocks;
The row direction first verification information y [n] and the column direction first verification information x [m] read from the second storage unit are the row direction second verification information y ′ [n] and the column direction, respectively. A verification unit that identifies whether or not the data has been altered by verifying whether or not the second verification information x ′ [m] matches,
For each identified alteration, the row direction restoration value Ey [n] [m] obtained by restoring the data block of the mth column of the nth row using the row direction transformation value Cy [n] is the column direction transformation. A restoration unit that verifies whether or not the column-direction restoration value Ex [n] [m] is obtained by restoring the data block of the m-th column of the n-th row using the value Cx [n] [m];
Including data falsification and restoration system. A data falsification restoration system according to claim 1,
The first verification information generation unit further generates integrated row direction first verification information using the generated row direction first verification information y [n] (n = 1,..., N), and generates the above Integrated column direction first verification information is generated using column direction first verification information x [m] (m = 1,..., M), and the integrated row direction first verification information and the integrated column direction first verification information are generated. To generate integrated first verification information,
The second verification information generation unit further generates integrated row direction second verification information using the generated row direction second verification information y [n] (n = 1,..., N), and generates the above The integrated column direction second verification information and the integrated column direction second verification information are generated using the column direction second verification information x [m] (m = 1,..., M). Is used to generate integrated second verification information,
The data verifying / restoring system, wherein the verification unit further verifies whether the integrated first verification information matches the integrated second verification information. The data falsification restoration system according to claim 1 or 2,
The first verification information generation unit further uses the generated row direction first verification information y [n] (n = 1,..., N) to perform row direction first verification intersection information Hy [n] (n = , N), and column direction first verification intersection information Hx [m] (m = 2) using the column direction first verification information x [m] (m = 1,..., M) generated above. , ..., M)
The second verification information generation unit further uses the generated row direction second verification information y ′ [n] (n = 1,..., N) to perform row direction second verification intersection information H′y [n]. (N = 2,..., N) is generated, and the column direction second verification intersection information H′x [is generated using the generated column direction second verification information x ′ [m] (m = 1,..., M). m] (m = 2, ..., M)
The verification unit further includes the row direction first verification intersection information Hy [n] and the column direction first verification intersection information Hx [m], the row direction second verification intersection information H'y [n] and the above A data falsification restoration system that verifies whether the column direction second verification intersection information H'x [m] matches. A data falsification restoration system according to any one of claims 1 to 3,
The conversion value generation unit calculates the exclusive OR of the row direction conversion value Cy [n-1] of the (n-1) th row and the M data blocks of the nth row, thereby calculating the row direction conversion value Cy. [n] is generated, and the exclusive OR of the column direction conversion value Cx [n] [m-1] of the nth row and the m-1th column and the data block of the mth column of the nth row is calculated. The above column direction conversion value Cx [n] [m] is generated,
The restoration unit calculates an exclusive OR of the row direction conversion value Cy [n-1] of the (n-1) th row and the row direction conversion value Cy [n] of the nth row, thereby calculating the row direction restoration value. Ey [n] [m] is generated, and the column direction conversion value Cx [n] [m-1] of the mth column of the nth row and the column direction conversion value Cx [n of the mth column of the nth row ] A data falsification restoration system that generates the column direction restoration value Ex [n] [m] by calculating an exclusive OR with] [m]. A data falsification restoration system according to any one of claims 1 to 4,
Time information, which is information about the time at which the row direction first verification information y [n] and the column direction first verification information x [m] are generated, is represented as the row direction first verification information y [n] and the column direction. It further includes a time information addition unit to be added to the first verification information x [m].
Data falsification restoration system. N and M are predetermined integers of 2 or more, n = 1,..., N, m = 1,..., M, and N × M data blocks in which data is divided into N rows × M columns As configured
The conversion value generation unit generates a row direction conversion value Cy [n] using M data blocks in the nth row of the data, and uses a data block in the mth column of the nth row of the data. A conversion value generation step for generating a direction conversion value Cx [n] [m];
The first verification information generation unit generates row direction first verification information y [n] using the M data blocks in the nth row of the data, and the N data blocks in the mth column of the data A first verification information generation step for generating column direction first verification information x [m] using:
The second verification information generation unit generates row direction second verification information y ′ [n] using M data blocks in the n-th row of the data, and N data blocks in the m-th column of the data A second verification information generation step for generating column direction second verification information x ′ [m] using
The verification unit is configured such that the row direction first verification information y [n] and the column direction first verification information x [m] are the row direction second verification information y ′ [n] and the column direction second verification information, respectively. a verification step for identifying a falsified portion of the data by verifying whether it matches x '[m];
For each identified alteration location, the restoration unit restores the data block in the mth column of the nth row using the row direction transformation value Cy [n], and the row direction restoration value Ey [n] [m] Restoring unit step for verifying whether or not it matches the column direction restoration value Ex [n] [m] obtained by restoring the data block of the mth column of the nth row using the column direction transformation value Cx [n] [m] When,
Including data falsification and restoration.   The program for functioning a computer as a data falsification restoration system in any one of Claim 1 to 5.

Images