JP5099542B2 - Operation record correctness proof system and method using camera - Google Patents

Description

  The present invention relates to DF work, and in particular, to proof of the validity of operation records in DF work, and proof of the presence or absence of negligence in surgery, drug preparation, and the like.

  In recent years, with the development of the Internet society, almost all data has been digitized and handled, and the data is stored in digital format. A social mechanism is required.

  DF (Digital Forensics) is a legal problem by analyzing and investigating data recorded in computer HDDs mainly for traces and evidence of fraud using digital devices, such as internal information leakage of companies. DF, which is a technology to ensure the evidence of digital data to be solved and can prove its validity, is very important.

  In the current DF, a DF worker (for example, a legal department of a company, a computer department, or a DF worker in a DF specialist company) uses a video at the time of work as evidence that he / she has not made any fraud. .

  FIG. 6 is an explanatory diagram of an outline of the flow of the operation record validity proof work according to the conventional example. Based on FIG. 6, the flow of DF work currently performed will be described.

  The DF work currently being carried out is as follows: (1) First, an analysis HDD that is 100% physically copied of the investigation target HDD 41 is created. (2) Next, using this analysis HDD using the DF work PC 20 incorporating analysis-specific software (OS), (b) searching for files and mail stored in the HDD, (b) registry And (c) password analysis, etc., and the operations performed by computer users are investigated. (3) Finally, the survey results are summarized in a report R and submitted to the reportee 60 for explanation.

At the same time, in order to prove the validity of the DF work, the operation status of the PC 20 of the DF worker 10 is monitored, photographed by the video camera 30, and included in the report C as an operation video log.
Special table 2003-533805 gazette JP 2003-204512 A

  However, the conventional DF work has the following two problems. The first problem is that since the video camera 30 cannot capture the details of the work, it is proved that there is no fraud such as intentional data concealment, falsification, and replacement during the DF work only with the video. Have difficulty.

  Also, when the video camera 30 captures the screen of the PC 10, the screen may shine depending on the resolution of the video camera 30 and the angle at which it is captured, and what operations are performed on what is displayed on the screen. It is difficult to know only from the photographed image whether or not it is present, and (a) it appears that the work performed is not performed. (b) Pretend that work that has not been performed is performed. (c) It is difficult to detect fraud such as falsifying the time when the work was performed.

  The second problem is that it is not possible to prove that the video submitted to the report destination 60 as the operation video log is certainly a video at the time of work and is not another video that has been maliciously replaced. For example, if the analysis result was tampered with or concealed during the DF work, but an illegal act was made in which an operation video log was taken separately as if the work was done correctly and submitted. It is difficult to see through that fraud.

  For this reason, it is difficult to eliminate fraud even when creating an analysis HDD or analyzing the operation of a PC. In the case of a video taken by the report R or the video camera 30 included in the report R, legal There is not enough evidence.

  In Patent Document 1, a digital certificate (digital watermark information, etc.) for arbitrary digital information (digital image obtained by photographing with a digital camera) is passed through a communication means (network, etc.) and is publicly disclosed. An information processing method acquired from a third organization (such as a certificate authority) is shown. Further, in Patent Document 2 described above, when a signature is made on an article, an image of the signature is captured by a camera, the captured image is stored in a computer, and a visual for verifying the validity of the signature is disclosed. Although a method of giving evidence to the owner of the article is shown, none of the methods shown in Patent Documents 1 and 2 proves the validity of the operation record of the DF work.

  The present invention has been made in view of such circumstances, and it is an object of the present invention to provide an operation record validity proving system and method that can be sufficient as legal evidence.

According to a first aspect of the present invention for solving the above problems, the operation video log data generated by photographing the keyboard operation status of the PC of a DF worker who analyzes the investigation target HDD with a video camera at predetermined time intervals , An operation record validity proving system characterized in that a chain hash or a hysteresis signature is obtained while synchronizing in the order received by a log receptor in a PC.

  A second invention is the first invention according to the first aspect, wherein a chained hash or hysteresis signature composed of the operation video log data and the operation log data (Mitsuru Iwamura, Kunihiko Miyazaki, Tsutomu Matsumoto, Ryoichi Sasaki, Matsuki " The alibi proof problem and the time proof problem-The concept of hysteresis signature and digital old document-", Computer Science magazine bit Vol.32, No11, Kyoritsu Shuppan (2000)) is time-certified by the time certificate authority. The operation record correctness proof system. Hereinafter, a case where a chain hash is employed will be described.

  Transmission / reception of a chained hash between the PC and the time certificate authority is performed at points.

  According to a third aspect of the present invention, in the first or second aspect of the present invention, there is provided an operation record validity proving system characterized in that the time interval of photographing by the video camera is irregular.

The fourth invention uses a PC in which DF software is incorporated, and operation video log data generated by photographing a keyboard operation situation of an operator related to the DF at a predetermined time interval with a video camera; The operation log data generated by the operator of the DF operating the PC is synchronized in the order received by the log receptor in the personal computer, and a chain hash or hysteresis signature is obtained. It is an operation record correctness proof system.

According to a fifth aspect of the present invention, the operation video log data generated by photographing the keyboard operation status of the PC of the DF worker who analyzes the investigation target HDD with a video camera at predetermined time intervals, and the DF worker an operation log data generated by operating the PC, while synchronizing the order received in Rogureseputa in the PC, to prove the validity of the operation record, characterized by taking a chain hash or hysteresis signature Is the method.

Since the present invention synchronizes the operation video log data and the operation log data, it adds a certificate of time authentication of the time certificate authority at a point point to the chain hash or hysteresis signature.
(1) Even if the analysis result is submitted to another HDD that has been maliciously replaced by an operator without submitting an analysis to the analysis target HDD, this should be excluded by the operation video log. Can do.
(2) (a) Unauthorized acts that appear to have not been performed or (b) Unauthorized acts that appear to have been performed are the discrepancies between the operation video log and the operation log in the verification log. It can be detected by examining.
(3) The act of faking the time when the work was performed can be detected by confirming the time certificate of the time certificate authority added when the operation video log and operation log are accumulated.
(4) The presence or absence of falsification such as falsification, extraction, or replacement of data is proved by the correct continuity of the signature because a chain signature is taken when the operation video log and operation log are stored.
Moreover, even if the present invention is applied to operations such as surgery and dispensing operations to a PC and manual operations, the present invention is sufficiently effective as legal evidence to prove the existence of negligence.

  FIG. 1 is an explanatory diagram of an operation record validity proving system and a DF work flow according to an embodiment of the present invention.

  In FIG. 1, 10 is a DF worker (hereinafter referred to as “worker”), 20 is a PC (personal computer) for DF work, and the PC 20 includes analysis software dedicated to DF including a key logger program 22 and a photographing program 25. (OS) 22 is incorporated. Reference numeral 30 denotes a video camera that is connected to a PC via USB and shoots the operation status of the DF worker's PC.

  Note that the number of video cameras 30 is not limited to one, and the accuracy of evidence can be increased by installing a plurality of video cameras with different shooting directions.

  Reference numeral 24 denotes a log receptor, which is an operation log B generated by the imaging program 25, in which an operation log B, which is the operation content of the PC 20 generated by the key logger program 22, and the PC operation status by the operator is captured by the video camera 30. Is accepted. Reference numeral 23 denotes a log file in which the operation log B and the operation video log A are stored and accumulated.

  50 is a time certificate authority for certifying the absolute time of the DF work data in order to correlate with the absolute time of the DF work data and enhance the evidence, and 60 is a report destination for reporting the result of the DF work. .

Next, the flow of DF work will be described.
(A) First, the worker 10 creates an analysis HDD 42 in which the investigation target HDD 41 is physically copied 100%.
(B) Next, the operator 10 operates the keyboard of the PC 20 to analyze and investigate the analysis HDD 42.
(C) The video camera 30 monitors and shoots the work of creating the analysis HDD 42 of the worker 10, the operation status of the keyboard of the PC 10, and the like.
In this case, it is assumed that the operation / shooting start time is correctly reported to the verifier (DF work report destination) and that the operation shooting is not performed again.
(D) The video imaged by the video camera 30 is accepted by the log receptor 24 as the operation video log A by the imaging program 25 on the PC. On the other hand, an event of PC 10 such as switching of an active window is accepted by the log receptor 24 as an operation log B by the key logger program 22 on the PC 10.
The operation video log A and the operation log B are synchronized with each other, and a chain hash is taken in the order accepted by the log receptor 24. In addition, time information is added to the operation video log A and the operation log B from which the chain hash has been taken so that the event occurrence time can be clearly identified.
(E) Next, the operation video log A and operation log B received by the log receptor 24 and subjected to chain hashing are sent to the time certification authority 50 at points and points, and a time stamp S is given. The time stamp S proves that the log data existed before the time displayed on the time stamp S.
(F) The two logs, the operation video log A and the operation log B, for which time certification has been performed by the time certification authority 50 are returned to the log receptor 24 and then stored and accumulated in the log file 23.
(G) Finally, the operator 10 creates a report R by collecting the DF work analysis investigation results, extracts the operation log B and the operation video log A from the log file 23, and uses it as a verification log (submission log) C. Included in the report R and submitted to the reportee 60 for explanation.

  FIG. 2 is an explanatory diagram of the chained hash of the operation record validity proving system according to the embodiment of the present invention.

  When the log receptor 24 receives the operation video log data j and the operation log data i at a certain time t, the log receptor 24 calculates a chain hash k + 1 from them and the chain hash k created last time.

As shown in FIG. 2, the chain hash k + 1 is k + 1 = h (j, i, k),
Similarly, the chain hash k + 2 is expressed as k + 2 = h (j + 1, i + 1, k + 1). Here, h () is a hash function such as SHA-1.

  The contents in parentheses in FIG. 2 are stored and accumulated in the log file 25.

  As described above, in the embodiment of the present invention, the operation video log data shot by the video camera 30 and the operation log data input from the PC keyboard or the like are recorded while being synchronized and a chain hash is used. Therefore, if there is any alteration of the order or contents or data extraction, it can be detected immediately. In addition, it is proved that the report R has been created by analyzing and investigating the analysis target HDD 42, which is impossible with the conventional DF work.

  In addition, the time certificate authority 60 associates the absolute time with the point, and the time interval of the still image captured as data is randomized to prevent fraud in anticipation when the video camera 30 is not captured. By doing so, the certainty of the evidence is made higher.

  In addition, by providing a hysteresis signature in addition to the chain hash so that the verification log cannot be tampered with by a third party while being sent to the time certificate authority 60, the evidence can be improved.

  In this case, if the public key cryptosystem is used and the secret key of the DF worker is Sa, the hysteresis signature is expressed as k + 1 = Sa (h (i, j, k)).

  This example shows the flow of the program in the operation record validity proving system (see FIG. 1) according to the embodiment of the present invention, and the verification log included in the report R printed out from the PC and submitted to the report destination 60 C is an example.

  FIG. 3 is an explanatory diagram of a program flow of the operation record validity proving system according to the first embodiment of the present invention.

  In FIG. 3, photographing is performed by the photographing program 25 at regular intervals, for example, at intervals of 1 to 5 seconds, and an image is output. At the same time as shooting, it is monitored whether the event log L has changed between the previous shooting and the current shooting. If there is a change, it is output as a txt file U. On the other hand, the event log L is accumulated by the key logger program 22 when the PC 20 is operated or when the window is switched, and the presence or absence of fraud is detected by collating the output video V with the txt file U. .

  The screen when the verifier verifies the operation validity of the operator 10 can freely display the operation video log A and the operation log B with operation buttons such as a scroll bar, “play”, “stop”, and “fast forward”. It is possible to check the log at an arbitrary time, so that the verifier can freely and repeatedly verify the log of the suspected fraud.

  FIG. 4 is an explanatory diagram of the verification log C of the operation record validity proving system according to the first embodiment of the present invention. 4, (X) is the time, (Y) is the video of the video camera, and (Z) is the operation content. The operation video log and the operation stored in the PC are easy to verify the correctness in the DF work. The log is displayed corresponding to each time.

  The shooting time interval is fixed to 5 seconds, but by changing it randomly, the certainty of evidence can be further improved.

  In addition, the still image by the video camera 30 and the operation log B are displayed side by side. However, a function for automatically displaying still images continuously and a function for stopping playback at an arbitrary time are incorporated so that the work contents can be displayed in real time. The efficiency of the verification work can be improved by making it appear as if it is monitored by

  In recent years, the present invention has been applied to dispensing operations in view of the fact that laws and regulations concerning the handling of drugs in medical institutions and companies have become very strict due to the frequent occurrence of crimes involving the use of poisonous and deleterious substances in recent years.

  FIG. 5 is an explanatory view of the flow of proof of operation legitimacy of the dispensing operation according to the second embodiment of the present invention.

In FIG. 5, reference numeral 70 is a medicine storage place, and 71 is a medicine shelf. 30 '
-1 is a first camera that shoots a dispensing action M such as mixing or measuring the medicine of the pharmacist 10 ', and 30'-2 is what kind of medicine the pharmacist (or operator) takes out from the medicine shelf 71. It is the 2nd camera which monitors and image | photographs.

  Reference numeral 20 ′ denotes a PC for DF work, and the configuration in the PC is the same as that in the first embodiment except that there are two video cameras, and an operation video log A ′, an operation log B ′, and a log file 23 ′. The key logger program 22 ′ and the imaging program 25 ′ correspond to the operation video log A, the operation log B, the log file 23, the key logger program 22, and the imaging program 25 of the first embodiment, respectively.

  The pharmacist 10 ′ performs a drug action M such as mixing and measuring the drug, and at the same time inputs the amount of the used drug and the drug name into the PC 20 ′ from the keyboard.

  The video program 25 on the PC 20 ′ is an image of the drug action M photographed by the first video camera 30′-1 and an image of the medicine taken out from the medicine shelf 71 photographed by the second camera 30′-2. Is accepted by the log receptor 24 'as an operation video log A'. On the other hand, when the pharmacist 10 'dispenses, the input data is received by the log receptor 24' as the operation log B 'from the key logger program 22' on the PC 20 '.

  The two logs, the operation log B ′ and the operation video log A ′, are synchronized with each other and a chain hash is taken, and then stored and accumulated in the log file 23 ′.

  In the case of dispensing, if there is some kind of fraud and investigation is necessary, the fraud can be detected by verifying the data in this log file 23 '.

  Usually, the amount of data to be verified is enormous, but in this embodiment, there is an unnatural time lapse from when the video is stationary until it starts moving, or video cameras 30′-1 and 30′-2. If there is no input to the PC 20 'even though there is movement in the video, it can be regarded as "possibly fraudulent", so at the time of verification, focus on the suspicious part Thus, fraud detection can be performed efficiently.

  In addition, this embodiment can not only detect fraud by the auditor, but also can quickly check if the pharmacist 10 ′ himself feels anxious about whether his work contents were correct after dispensing. It helps prevent mistakes in actions and proves its validity at the time of trial.

  In addition, the system according to the present invention can also be used as a tool for proving at the time of a trial that there is no error in the surgical action of a doctor in a surgical operation and that the operation contents are correct.

  Furthermore, the present invention can be utilized as a tool that clearly proves to the customer that there is no fraud in the worker when taking out and storing the document in the service business for storing the confidential document of the company.

  Also, the system according to the present invention can be applied to photographing the questioning scene of the suspect in the police and leaving as evidence that there was no compulsion of confession.

It is explanatory drawing of the operation record correctness certification | authentication system which concerns on embodiment of this invention, and the flow of DF operation | work. It is explanatory drawing of the chain hash of the operation record correctness certification | authentication system which concerns on embodiment of this invention. It is explanatory drawing of the program flow of the operation record correctness certification | authentication system which concerns on Example 1 of this invention. It is explanatory drawing of the log for verification of the operation record correctness certification | authentication system which concerns on Example 1 of this invention. It is explanatory drawing of the flow of operation correctness proof of the dispensing operation | work which concerns on Example 2 of this invention. It is explanatory drawing of the outline | summary of the flow of the operation record correctness | proof verification work which concerns on a prior art example.

Explanation of symbols

100..Operation record correctness proof system 10..DF worker 10 '.. Pharmacist 20, 20' .. PC (personal computer for DF work)
21, 21 '... OS (operatinng system)
22., 22 '.. Keylogger program 23,23' .. Log file 24, 24 '.. Log receptor 25, 25' .. Video program 30..Video camera 30'-1 .... First video camera 30'- 2. Second video camera 40 HDD HDD (hard disk drive)
41 .. HDDs to be surveyed
42 .. HDD for analysis
50 .. Time certification authority 60 .. Report destination (verifier)
70 ·············································· Shelves A, A '·· Operation log B, B' ··· Operation log C, C '
L ・ ・ Event Log R ・ ・ Report S ・ ・ Time Stamp U ・ ・ txt File T ・ ・ Time M ・ ・ Dispensing

Claims (5)

Operation video log data generated by photographing a keyboard operation state of a PC of a DF worker who analyzes the investigation target HDD with a video camera at predetermined time intervals;
Operation log data generated when the DF worker operates the PC ,
An operation record validity proving system, wherein a chain hash or a hysteresis signature is obtained while synchronizing in the order received by the log receptor in the PC.   2. The operation record according to claim 1, wherein a chain hash or hysteresis signature constituted by the operation video log data and the operation log data is time-authenticated by a time certificate authority using a digital signature. Validity proof system.   3. The operation record validity proof system according to claim 1, wherein time intervals of photographing by the video camera are irregular. Operation video log data generated by photographing a keyboard operation status of an operator related to DF with a video camera at predetermined time intervals using a PC in which DF software is incorporated, and an operator related to the DF The operation log data generated by operating the PC is synchronized with the log receptor in the personal computer in the order received, and the chained hash or the hysteresis signature is obtained. system. Operation video log data generated by photographing a keyboard operation state of a PC of a DF worker who analyzes the investigation target HDD with a video camera at predetermined time intervals;
Operation log data generated when the DF worker operates the PC ,
A method for proving the validity of an operation record, wherein a chain hash or a hysteresis signature is taken while synchronizing in the order accepted by the log receptor in the PC.

Images