JP4689539B2 - Data processing apparatus and method - Google Patents

Description

  The present invention relates to data processing for generating a seed for generating random numbers.

  With the spread of the Internet, various data are exchanged via the network. As a result, interest in data communication security has increased, and cryptographic processing techniques have become generally known.

  Data communication using public key cryptography is performed in order to use common key cryptography or to share a common key. Random numbers are used for key generation, and random number generation techniques are indispensable.

  Random numbers have a wide range of applications, such as simulations and games, but in recent years there have been more opportunities to use random numbers for security purposes. Specifically, a random number is used for generating a key used for encryption, generating an authentication message, and the like. Therefore, it is necessary to generate a secure key by generating a secure random number (sometimes referred to as “high quality random number”) that cannot be estimated from the outside at high speed. If the random number has regularity and periodicity, there is a risk that the attacker may use it to estimate the random number. Therefore, randomness seeds must be random, unpredictable, and non-reproducible.

  As a random number generation method, there are a physical random number generation method for generating a random number based on a physical phenomenon in nature and a pseudo-random number generation method for generating a random number by a mathematical operation using a predetermined algorithm.

  The physical random number generation method includes a method using thermal noise or an oscillation circuit, or a method using fluctuations in delay time of communication packets or fluctuations in seek time of hard disks. The random number generated in this way is a random number that is mathematically close to a true random number. However, this physical random number generation method requires special parts / mechanisms such as a special circuit, and generally increases the circuit scale. Moreover, the track record of practical use is poor.

  On the other hand, the pseudo random number generation method generates a random number by a calculation based on a predetermined algorithm based on a seed having a certain length. In order to increase the non-reproducibility of the product by the pseudo random number generation method, it is common to use a high-quality stirring function. Examples of the agitation function include a hash function and a common key encryption. In addition, as a method for obtaining a seed, a method using time or serial number, a method using keyboard input or mouse operation as an external event, or a method using information unique to a mobile terminal (see Patent Document 1) ) Etc. are known.

  However, since the calculation for generating random numbers in the pseudo-random number generation method uses a known algorithm, a third party who knows the seed and the stirring function can reproduce the generated random numbers. In addition, if the quality of the seed is low, the generated random numbers appear uniform (regularity), can be predicted, have reproducibility, and lack chance. For this reason, there is a concern that the used random number may be guessed, and there is a problem with safety. In other words, the randomness of the pseudo random number generation method is greatly affected by the randomness of the seed, so the seed must not be predicted. Therefore, it is recommended to add the variation factor obtained by the system to the seed. In general, it is said that the higher the seed bit amount, the higher the quality random number.

  The method using the serial number described above makes it easy to guess the seed. In addition, a method using an external event frequently requires human operation. Further, in the method of Patent Document 1, it is only communication contents that are highly likely to fluctuate, but it is considered that the contents are biased. In other words, the method of Patent Document 1 has few variable elements and a hash is essential.

JP 2002-215030 JP

  The present invention is directed to seed production with high entropy.

  The present invention has the following configuration as one means for achieving the above object.

A data processing apparatus according to the present invention includes a data processing unit that performs arbitrary processing on arbitrary data, a seed generation unit that acquires data from the data processing unit, and generates a seed for generating random numbers from the acquired data. the data processing acquires operation state information of the device, have a control means for controlling the seed generation by the seed generation means based on said operating status information, said control means said data processing means based on the operation state information Is determined, and the seed generation unit acquires the data of the data processing unit according to the weight .

A data processing apparatus according to the present invention is a data processing method of a data processing apparatus having data processing means for performing arbitrary processing on arbitrary data, wherein the data processing means acquires data from the data processing means, and generates random numbers from the acquired data A generation step of generating a seed for generation ; and a control step of acquiring operation state information of the data processing means and controlling the seed generation based on the operation state information, the control step including the operation state A weight of data output from the data processing means is determined based on the information, and the generation step acquires data of the data processing means according to the weight .

  According to the present invention, seed generation with high entropy can be realized. Therefore, it is possible to generate a random number of high quality by generating a random seed.

  Hereinafter, information processing according to an embodiment of the present invention will be described in detail with reference to the drawings.

[Device configuration]
FIG. 1 is a block diagram illustrating a configuration example of the data processing apparatus 100 according to the embodiment.

  The microprocessor 111 is, for example, a one-chip microcontroller, executes a program stored in a built-in ROM or the like using the built-in RAM as a work area, and controls each component described later via the system bus 109.

  As the data processing module 105, modules necessary for data processing of the data processing apparatus 100 such as a data encryption module and an authentication message generation module are mounted.

  The random number generation module 101 includes a control unit 102, a seed collection / processing unit 103, and a random number sequence generation unit 104, and executes random number generation processing in the present embodiment. Communication may be performed between the data processing module 105 and the random number generation module 101 using a dedicated signal line or the system bus 109.

  The external interface 106 provides an interface for connecting the external device 107 to the data processing device 100 via a serial bus such as a network or USB. Note that the external device 107 is preferably a storage that stores data to be encrypted or authenticated, or a data processing device that performs encryption or authentication processing.

  The random number generated by the random number generation module 101 is used for encryption and authentication of the data processing module 105. However, the data processing module 105 that supplies data to the random number generation module 101 is not limited to the one that uses random numbers, and any data processing module can be used. Further, although there are preferably a plurality of data processing modules 105, only one data processing module 105 may be provided.

[Configuration of random number generation module]
2A and 2B are block diagrams showing a detailed configuration example of the random number generation module 101. FIG.

  FIG. 2A shows a configuration in which the random number sequence generation unit 104 includes only the random number generation unit 205, and the output of the seed collection / processing unit 103 is an input of the random number generation unit 205, and is a seed necessary for pseudorandom number generation. On the other hand, FIG. 2B shows a configuration in which the random number sequence generation unit 104 includes a random number generation unit 205, a random pool 206, and a stirring unit 207. In this configuration, the output of the seed collection / processing unit 103 is an input of the stirring unit 207 and is a source for stirring the random pool 206. A signal line returning from the output of the seed collection / processing unit 103 to the input of the seed collection / processing unit 103 is a signal line for feedback described later.

Seed Collection / Processing Unit FIG. 3 is a block diagram illustrating a configuration example of the seed collection / processing unit 103.

  As will be described in detail later, the data collection unit 301 weights each data output from the data processing module 105 according to the weighting coefficients ω1 to ωn output from the control unit 102. The data synthesis unit 303 synthesizes the weighted data by a predetermined method, and outputs the synthesized data to the random number sequence generation unit 104 as a seed.

  As a data synthesis method of the data synthesis unit 303, addition, exclusive OR, concatenation, and the like can be used.

FIG. 4 is a flowchart for explaining the operation of the control unit 102.

  The control unit 102 waits for the execution request event of the seed collection / processing unit 103 to occur (S100). When the seed collection / processing unit 103 receives an agitation request or seed request from the random number sequence generation unit 104, or when the control unit 102 receives an operation status notification signal indicating activation from the data processing module 105 or the external interface 106 An execution request event occurs. In addition, in the case where the random number sequence generation unit 104 has a random pool 206 (FIG. 2B), it also occurs when data remaining in the random pool 206 decreases or when the random pool 206 is left for a long time. .

  When the execution request event occurs, the control unit 102 investigates the activation rate of the data processing module 105 connected to the seed collection / processing unit 103 (S101). For the investigation of the activation rate, for example, the data change may be detected by sampling the output data and differentiating the sampling data for each data processing module 105 periodically or irregularly. Alternatively, the activation rate may be investigated by inputting a signal indicating activation from the data processing module 105.

  Next, the control unit 102 determines whether or not there is an activated data processing module 105 (hereinafter referred to as “activation module”) based on the investigation result of the activation rate (S102). When there is no activation module, the seed collection / processing unit 103 feeds back the previous seed value, or the random number generation unit 104 is instructed to agitate the random pool 206, so that the activation module does not exist Is avoided (S105). Then, the process returns to step S100.

  On the other hand, when the activation module exists, the control unit 102 determines the weighting coefficient ω i (i = 1−n) for each data processing module 105 based on the investigation result of the activation rate. Furthermore, the operation status notification signal 108 of the data processing module 105 is acquired, and the operation status notification signal 108 ranked by a predetermined operation is output as a control parameter to the seed collection / processing unit 103 (S103). For example, an index such as an activation rate or entropy notified by the operation status notification signal 108 may be used as the control parameter.

  Next, the control unit 102 instructs the seed collection / processing unit 103 to acquire and synthesize data, that is, generate a seed (S104), and returns the process to step S100. In accordance with this instruction, the seed collection / processing unit 103 synthesizes the weighted data output from the data processing module 105 by a predetermined method and outputs the synthesized data to the random number sequence generation unit 104.

[Weighting method]
The seed collection / processing unit 103 realizes weighting of data by dynamically changing the number of data acquisition times for each data processing module 105 in accordance with the weighting coefficient ω i instructed from the control unit 102. Instead of dynamically changing the number of data acquisitions, the data acquisition time ratio may be dynamically changed, or the number of data acquisition bits may be dynamically switched.

  FIG. 5A, FIG. 5B, and FIG. 5C are diagrams for explaining a method of dynamically changing the number of data acquisition using an activation rate when an execution request event occurs. As shown in FIG. 5C, it is assumed that there are three modules A, B, and C as the data processing module 105. FIG. 5A is a diagram illustrating time on the horizontal axis and the activation rate of each module on the vertical axis, and FIG. 5B is a diagram illustrating an example of realizing weighting factors.

  As shown in FIG. 5A, the activation rates of modules A, B, and C when execution request event 1 occurs at time t1 are indicated by reference numerals 311, 321, and 331. FIG. 5B shows the ratio of these activation rates as a 100% stacked bar graph. When the weighting factor ωi is determined based on this ratio, the weighting factors ω1 to ω3 of the modules A, B, and C when the execution request event 1 occurs are 8, 33, and 58, respectively. For example, assuming 60 bytes of data are acquired, 8/99 × 60 = 5 times from module A, 33/99 × 60 = 20 times from module B, and 58/99 × 60 = 35 times from module C. Will get. That is, 5, 20, and 35 bytes are acquired from modules A, B, and C, respectively.

  Also in the execution request events 2 to 4, data is acquired according to the ratio of the activation rate in the same manner as described above. Therefore, the data acquisition is dynamically changed according to the activation rate of the data processing module 105, and the seed value generated based on the acquired data can be made more messy. As a result, the random number sequence generation unit 104 can generate a high-quality random number based on a random value seed.

  Note that when the number of data processing modules 105 is one, or when the activation rate of one of the plurality of data processing modules 105 is extremely high, the number of data acquisitions cannot be dynamically changed. In such a case, the control unit 102 generates a pseudo activation rate signal corresponding to a data processing module that does not actually exist, for example, having a predetermined cycle variation, and the data processing module 105 uses the activation rate signal and the pseudo activation rate signal. What is necessary is just to determine the weighting coefficient (omega) i.

  The information processing according to the second embodiment of the present invention will be described below. Note that the same reference numerals in the second embodiment denote the same parts as in the first embodiment, and a detailed description thereof will be omitted.

  FIG. 6 is a block diagram illustrating a configuration example of the data processing apparatus 100 according to the second embodiment.

  The data processing apparatus 100 includes a camera control module 501, an image encoding module 502, an encryption module 503, a message digest (MD) generation module 504, and other data processing modules 505 as data processing modules 105. In addition, the external interface 106 includes a storage interface 509 for connecting the storage 510 and a network interface 511.

  It is known that the code data output from the image encoding module 504 has a high entropy. However, if code data transferred to the outside via the network interface 511 is used for seed generation, there is a possibility that a key is guessed to a third party, which is not preferable. On the other hand, code data that is not transferred to the outside has a high entropy due to the nature of encoding, and is optimal for generating seeds. Therefore, the encoding result of the image encoding module 504 is used as seed generation data.

  The LSB of unencoded image data input to the image encoding module 504 is lost due to quantization. Therefore, even if a third party obtains the encoded data, the LSB of the image data cannot be estimated. Accordingly, the random number generation module 101 acquires the LSB of the image data before encoding as seed generation data.

  In addition, the setting data output from the camera control module 501 causes a sudden change in the captured image when panning, tilting, and zooming are instructed. Therefore, the setting data output from the camera control module 501 is also actively used for seed generation.

[Other embodiments]
Note that the present invention can be applied to a system including a plurality of devices (for example, a host computer, an interface device, a reader, and a printer), and a device (for example, a copying machine and a facsimile device) including a single device. You may apply to.

  Another object of the present invention is to supply a storage medium (recording medium) that records software for realizing the functions of the above-described embodiments to a system or apparatus, and a computer (CPU or MPU) of the system or apparatus executes the software. Is also achieved. In this case, the software itself read from the storage medium realizes the functions of the above-described embodiments, and the storage medium storing the software constitutes the present invention.

  In addition, the above functions are not only realized by the execution of the software, but an operating system (OS) running on a computer performs part or all of the actual processing according to instructions of the software, and thereby the above functions This includes the case where is realized.

  In addition, the software is written in a function expansion card or unit memory connected to the computer, and the CPU of the card or unit performs part or all of the actual processing according to instructions of the software, thereby This includes the case where is realized.

  When the present invention is applied to the storage medium, the storage medium stores software corresponding to the flowchart described above.

The block diagram which shows the structural example of the data processor of an Example, Block diagram showing a detailed configuration example of the random number generation module, Block diagram showing a detailed configuration example of the random number generation module, Block diagram showing a configuration example of the seed collection / processing unit, A flowchart for explaining the operation of the control unit; A diagram for explaining a method of dynamically changing the number of data acquisition using an activation rate when an execution request event occurs, A diagram for explaining a method of dynamically changing the number of data acquisition using an activation rate when an execution request event occurs, A diagram for explaining a method of dynamically changing the number of data acquisition using an activation rate when an execution request event occurs, FIG. 6 is a block diagram illustrating a configuration example of a data processing device according to a second embodiment.

Claims (8)

Data processing means for performing arbitrary processing on arbitrary data;
Obtaining data from the data processing means, and generating seeds for generating random numbers from the acquired data;
Wherein acquires operation state information of the data processing means, have a control means for controlling the seed generation by the seed generation means based on said operating status information,
The control means determines a weight of data output from the data processing means based on the operation state information, and the seed generation means acquires data of the data processing means according to the weight. apparatus.   2. The data processing apparatus according to claim 1, further comprising random number generation means for generating a random number from the seed generated by the seed generation means.   3. The data processing apparatus according to claim 1, wherein the control unit acquires information indicating an activation rate of the data processing unit as the operation state information.   4. The data processing apparatus according to claim 3, wherein the control unit controls the seed generation unit to feed back a previously generated seed when the data processing unit indicating activation does not exist. As the data processing means, means for encoding the image data, is described means for encrypting data, the preceding claims, characterized in that it comprises at least one means for controlling the camera to one of claims 4 Data processing equipment. A data processing method of a data processing apparatus having data processing means for performing arbitrary processing on arbitrary data,
Generating data from the data processing means, generating a random number generation seed from the acquired data; and
Obtaining operation state information of the data processing means, and controlling the seed generation based on the operation state information ,
The control step determines a weight of data output from the data processing means based on the operation state information, and the generation step acquires data of the data processing means according to the weight. . 7. A computer program for controlling the information processing apparatus to realize the data processing according to claim 6 . 8. A computer-readable recording medium on which the computer program according to claim 7 is recorded.

Images