JP6253283B2 - Content data processing device - Google Patents

Description

The present invention relates to a high safety content data processing equipment.

  Font data is roughly classified into bitmap font data and outline font data. Bitmap font data represents the shape of a character as a set of small square dots (dots), and expresses the shape of all characters with a predetermined number of grids (for example, 32 vertical x 32 horizontal). Outline font data expresses the shape of a character as a collection of coordinates and outlines of a reference point.

  Bitmap font data has the advantage that it can be processed at higher speed than outline font data, but has the disadvantage that the shape of the font is lost when it is enlarged or reduced. On the other hand, outline font data has the advantage that the character shape does not collapse even if it is enlarged or reduced, and there is also the recent speedup of the CPU (Central Processing Unit), and the current mainstream is outline font data. (For example, refer to Patent Document 1).

JP 2009-048417 A

  For this reason, there is a strong demand for a technique for improving the safety by preventing the outflow, forgery, and falsification of sentences created using such outline font data.

The present invention has been made in consideration of the above, and an object thereof is to provide a high content data processing equipment safety.

In order to achieve the above object, a content data processing apparatus according to the first aspect of the present invention provides:
Content data processing for restoring the content indicated by the first content data from the second content data obtained by calculating the exclusive OR of the first content data representing the content as vector data and a predetermined embedded value A device,
An exclusive OR calculating means for restoring the content indicated by the first content data by calculating an exclusive OR of the second content data and the predetermined embedded value ;
Content data authentication means for authenticating the second content data;
Equipped with a,
The predetermined embedding value is obtained using a first discrimination value and a hash value of the first content data,
The content data authentication means includes
A hash value calculating means for calculating a hash value of the exclusive OR calculated by the exclusive OR calculating means;
Second discriminant value calculating means for calculating a second discriminant value using the first discriminant value and the hash value of the exclusive OR calculated by the hash value calculator;
A match determination means for authenticating the second content data by determining whether or not the first determination value and the second determination value calculated by the second determination value calculation means match;
Including
The predetermined embedding value for which an exclusive OR between the first discriminating value and the first content data is calculated is c, the predetermined embedding value u, and the first content. The hash value of the data is h, the base point of the elliptic curve E on the finite field is G, the order of the base point G is n, the predetermined random value is k (1 ≦ k ≦ n−1), V = kG = ( xv, yv), where d (1 ≦ d ≦ n−1) is the secret key,
The second discriminant value calculating means calculates the predetermined embedded value u ′ for which an exclusive OR with the second content data is calculated, the hash value of the exclusive OR is h ′, and the public key is Q = dG, where the second discriminant value is cp, the second discriminant value is calculated according to the following formula 2.
It is characterized by that.

Furthermore, in the content data processing apparatus,
The vector data includes coordinate values of control points of straight lines and / or curves constituting the content,
The second content data calculates an exclusive OR of the first content data and the predetermined embedding value, and embeds the predetermined embedding value in the coordinate value of the control point in the vector data. Obtained by
You may do it.

In the content data processing apparatus,
The vector data includes a coordinate value of a start point and a coordinate value of an end point of a straight line and / or a curve constituting the content,
The second content data is obtained by calculating an exclusive OR of the first content data and the predetermined embedding value, and adding the predetermined coordinate value of the start point and the end point of the vector data. Obtained by embedding the embedded value of
You may do it.

According to the present invention, it is possible to provide a highly secure content data processing equipment.

It is a block diagram which illustrates a security font system. It is a block diagram which shows the structural example of a security font production | generation apparatus. It is explanatory drawing which illustrates the outline of the character "B" before a deformation | transformation. It is explanatory drawing which illustrates the outline of the character "B" after a deformation | transformation. It is explanatory drawing which illustrates the outline of the character "B" after a deformation | transformation. It is a block diagram which shows the structural example of a web font server. It is a block diagram which shows the structural example of a security font authentication apparatus. It is a flowchart which shows an example of a security font production | generation process. It is a flowchart which shows an example of a security font authentication process.

  Hereinafter, modes for carrying out the present invention will be described.

  First, the configuration of the security font system according to the present embodiment will be described with reference to the drawings.

  As shown in FIG. 1, the security font system 1 is composed of a security font generation device 10, a web font server 20, and a security font authentication device 30, which communicate with each other via a network N such as the Internet. Connected as possible.

  FIG. 2 is a block diagram illustrating a configuration example of the security font generation device.

  The security font generation device 10 is composed of, for example, a general-purpose computer or the like, and includes a storage unit 11, a control unit 12, and a communication unit 13, as shown in FIG.

  The storage unit 11 is composed of a hard disk drive, for example, and stores a plurality of types of outline font data m corresponding to each character.

  The outline font data m represents the shape of a character, and the straight line and / or the curve which comprise the outline of a character with a coordinate value.

  In the present embodiment, the outline font data m is a Post Script font using a quadratic Bezier curve, and the straight lines and / or curves constituting the outline of the character are vector data. (Start point xs, start point ys, control point xc, control point yc, end point xe, end point ye). Here, the control points xc and yc are coordinate values that control the degree of curve bending. In the case of a straight line, the coordinate values are (0, 0). The outline font data m may be a true type font using a cubic Bezier curve.

For example, the straight line and curve vector data (start point xs, start point ys, control point xc, control point yc, end point xe, end point ye) constituting the outline outside the character “B” shown in FIG.
(-100, -120, 0, 0, 18, -120),
(18, -120, 90, -114, 92, -60),
(92, -60, 97, -20, 57, -5),
(57, -5, 107, 11, 104, 55),
(104, 55, 108, 124, 18, 125),
(18, 125, 0, 0, -100, 125),
(-100, 125, 0, 0, -100, -120).

  2 includes, for example, a CPU (Central Processing Unit), a ROM (Read Only Memory), a RAM (Random Access Memory), and the like. From the outline font data m stored in the storage unit 11, the control unit 12 performs security. Generates font data ms.

  In the present embodiment, the control unit 12 first obtains the hash value h = H (m) of the outline font data m stored in the storage unit 11.

  Next, the control unit 12 obtains the embedded value u using the hash value h.

  Specifically, the control unit 12 first generates a random value k (1 ≦ k ≦ n−1) (n is a prime number) to obtain V = kG = (xv, yv). Here, G is a base point of the elliptic curve E on the finite field, and is expressed as G = (x, y) εE. N is the order of G. Next, the control unit 12 obtains the discriminant value c according to the following formula 3, and obtains the embedded value u using the secret key d (1 ≦ d ≦ n−1) and the discriminant value c.

  Subsequently, the control unit 12 obtains an exclusive OR of the outline font data m and the embedded value u, and generates security font data ms. The security font data ms generated in this way is based on an electronic signature (ECDSA: Elliptic Curve Digital Signature Algorithm) using an elliptic curve cryptography (ECC) in principle and has high security. It will be a thing.

  When the embedded value u is embedded in the least significant bit (LSB: Least Significant Bit) of the start point xs and ys and the end point xe and ye of the straight line and / or curve constituting the outline of the character The start points xs and ys and the end points xe and ye move only slightly. For this reason, the shape of the character changes only to such an extent that it is not noticed visually, or changes only to such a degree that it can be sufficiently recognized even if it is noticed.

  On the other hand, when the embedded value u is embedded in the most significant bit (MSB: Most Significant Bit) of the coordinate values of the start points xs and ys and the end points xe and ye of the straight line and / or curve constituting the outline of the character Since the start points xs and ys and the end points xe and ye move greatly, the shape of the character changes to such an extent that it cannot be recognized.

  For example, among the outer contour lines of the letter “B” shown in FIG. 3, the most significant bits of the coordinate values of the start points xs and ys and the end points xe and ye of the straight lines and / or curves constituting the right half contour line When the embedding value u is embedded, the shape of the character changes to such an extent that it is difficult to recognize “B” as shown in FIG.

  Of the outlines outside the character “B”, the embedded value u is embedded in the most significant bit of the coordinate values of the start points xs and ys and the end points xe and ye of the straight line and / or curve constituting the left half outline. Or the embedded value u may be embedded in all the most significant bits of the coordinate values of the start points xs and ys and the end points xe and ye constituting the contour line outside the character “B”. Good.

  In addition, when the embedding value u is embedded in the coordinate values of the straight control points xc and yc constituting the outline of the character, the straight line portion changes to a curve, so that the shape of the character cannot be recognized. Change.

  For example, when the embedding value u is embedded in the coordinate values of the straight line control points xc and yc constituting the outline outside the character “B” shown in FIG. (0,0) is changed to (0,1), etc., and the straight line portion changes to a curved line, so that the character shape changes to such an extent that it is difficult to recognize “B” as shown in FIG. To do.

  The embedding value u may be embedded in the coordinate values of the control points xc and yc of the straight line constituting the inner contour line of the character “B”, or the straight line constituting the inner contour line and the outer contour line may be The embedded value u may be embedded in both the coordinate values of the straight line control points xc and yc. Further, in addition to the coordinate values of the straight control points xc and yc constituting the outline of the character “B”, the embedding value u may be embedded in the coordinate values of the curved control points xc and yc, or the straight line control may be performed. Instead of the coordinate values of the points xc and yc, the embedding value u may be embedded only in the coordinate values of the control points xc and yc of the curve.

  In the present embodiment, the control unit 12 uses the binary representation of the embedding value u, and sets the embedding value u to the coordinate values of the control points xc and yc among the coordinate values of the contour lines constituting the outline font data m. The security font data ms is generated by embedding.

  The control unit 12 embeds the embedding value u in the least significant bits of the coordinate values of the start points xs and ys and the end points xe and ye among the coordinate values of the straight lines and / or curves constituting the outline of the character. Alternatively, the embedded value u may be embedded in the most significant bits of the coordinate values of the start points xs and ys and the end points xe and ye. Further, the control unit 12 converts the coordinate values of the straight line and / or the curve constituting the outline of the character to bits other than the least significant bit and the most significant bit of the coordinate values of the start points xs and ys and the end points xe and ye. The embedded value u may be embedded, or the embedded value u may be embedded in all the bits of the coordinate values of the start points xs and ys and the end points xe and ye. Alternatively, among the coordinate values of the straight line and / or curve constituting the outline of the character, the least significant bit and the most significant bit of the coordinate values of the start points xs and ys and the end points xe and ye, and the coordinates of the control points xc and yc The embedding value u may be embedded in any two of the values. Furthermore, the embedding value u may be embedded in all of the coordinate values of the straight line and / or curve constituting the outline of the character.

  The communication unit 13 shown in FIG. 2 is composed of, for example, a NIC (Network Interface Card) or the like, and sends a set (ms, u) of security font data ms and embedded value u to the web font server 20 via the network N. Upload.

  FIG. 6 is a block diagram illustrating a configuration example of the web font server.

  The web font server 20 includes, for example, a framework, a workstation, and the like, and includes a communication unit 21, a storage unit 22, and a control unit 23.

  The communication unit 21 includes, for example, a NIC and receives a set (ms, u) of the security font data ms and the embedded value u uploaded from the security font generation apparatus 10 via the network N.

  The storage unit 22 is configured by, for example, a hard disk drive or the like, and stores download data of the authentication application program, a set (ms, u) of the security font data ms and the embedded value u received by the communication unit 21, and the like. The authentication application program includes cQ as a system parameter in addition to the above-described order n, discriminant value c, and base point G. Here, Q is a public key, and is obtained by calculating Q = dG on an elliptic curve E on a finite field.

  The control unit 23 includes, for example, a CPU, a ROM, and a RAM. The web font server 20 is appropriately executed by the CPU executing various programs stored in the ROM, the storage unit 22, and the like using the RAM as a work memory. Control the operation of each part.

  FIG. 7 is a block diagram illustrating a configuration example of the security font authentication apparatus.

  The security font authentication device 30 includes a general-purpose computer and a general-purpose printing device, and includes a communication unit 31, a storage unit 32, a control unit 33, and a display unit 34, as shown in FIG.

  The communication unit 31 is constituted by, for example, a NIC or the like, and receives an authentication application program from the web font server 20 via the network N, a set (ms ′, u ′) of security font data ms ′ and an embedded value u ′, and the like. to download.

  The storage unit 32 is constituted by, for example, a hard disk drive or the like, and an authentication application program downloaded from the web font server 20 is installed in advance.

  The control unit 33 includes, for example, a CPU, a ROM, a RAM, and the like, and authenticates the security font data ms ′ downloaded from the web font server 20 by starting an authentication application program installed in the storage unit 32.

  In the present embodiment, the control unit 33 first obtains an exclusive OR of the security font data ms ′ downloaded from the web font server 20 and the embedded value u ′, and generates outline font data m ′.

  Next, the control unit 33 obtains a hash value h ′ = H (m ′) of the outline font data m ′. Subsequently, the control unit 33 obtains the discriminant value cp using the system parameters (n, c, G, cQ) included in the authentication application program according to the following formula 4.

  Then, the control unit 33 determines whether or not the discriminant value cp obtained according to Equation 4 and the discriminant value c included in the system parameter match. If not, it is determined to be invalid.

  The display unit 34 is composed of, for example, an LCD (Liquid Crystal Display) or the like, and displays the character having the shape indicated by the outline font data m ′ generated by the control unit 33 and the determination result by the control unit 33.

  Next, security font generation processing by the security font generation apparatus having the above configuration will be described with reference to the drawings.

  FIG. 8 is a flowchart illustrating an example of the security font generation process.

  In the security font generation process shown in FIG. 8, the control unit 12 first obtains the hash value h = H (m) of the outline font data m stored in the storage unit 11 (step S11).

  Next, the control part 12 calculates | requires the discriminant value c using the hash value h calculated | required by step S11 (step S12). Further, the control unit 12 obtains the embedded value u using the hash value h obtained in step S11 and the discriminant value c obtained in step S12 (step S13).

  Subsequently, the control unit 12 obtains an exclusive OR of the outline font data m and the embedded value u calculated in step S13, and generates security font data ms (step S14).

  Then, the control unit 12 uploads the set (ms, u) of the security font data ms generated in step S14 and the embedded value u obtained in step S13 from the communication unit 13 to the web font server 20 ( Step S15), the security font generation process is terminated.

  Next, security font authentication processing by the security font authentication apparatus having the above configuration will be described with reference to the drawings.

  FIG. 9 is a flowchart illustrating an example of the security font authentication process.

  The control unit 23 starts the security font authentication process shown in FIG. 9 in response to the fact that the communication unit 21 has downloaded the set (ms ′, u ′) of the security font data ms ′ and the embedded value u ′. .

  In the security font authentication process, the control unit 33 first activates the authentication application program installed in the storage unit 32 (step S21).

  Next, the control unit 33 obtains an exclusive OR of the security font data ms' downloaded from the web font server 20 and the embedded value u ', and generates outline font data m' (step S22).

  Subsequently, the control unit 33 obtains a hash value h ′ = H (m ′) of the outline font data m ′ (Step S <b> 23).

  Further, the control unit 33 obtains the discriminant value cp using the hash value h ′ obtained in step S23 and the system parameters (n, c, G, cQ) stored in the storage unit 32 (step S24). .

  Furthermore, the control unit 33 determines whether or not the determination value cp obtained in step S24 matches the determination value c included in the system parameters (n, c, G, cQ) (step S25).

  If the discriminant value cp matches the discriminant value c in step S25 (step S25; Yes), the control unit 23 sets “valid” together with the character having the shape shown in the outline font data m ′ generated in step S22. Is displayed on the display unit 34 (step S26), and the security font authentication process is terminated.

  On the other hand, when the discriminant value cp and the discriminant value c do not match in step S25 (step S25; No), the control unit 33, together with the character having the shape indicated by the outline font data m ′ generated in step S22. After displaying the authentication result “invalid” on the display unit 34 (step S27), the security font authentication process is terminated.

  Specifically, when the security font data ms 'has not been forged / tampered, the outline font data m' generated in step S22 matches the original outline font data m. For this reason, the shape of the character shown in the original outline font data m is restored and displayed on the display unit 34. Further, since the discriminant value cp and the discriminant value c match (step S25; Yes), an authentication result “valid” is obtained and displayed on the display unit 34.

  On the other hand, if the security font data ms 'has not been forged / tampered, the outline font data m' generated in step S22 is different from the original outline font data m. For this reason, the display unit 34 displays a character having a shape different from that of the character indicated in the original outline font data m. Further, since the discriminant value cp and the discriminant value c do not match (step S25; No), an authentication result of “invalid” is obtained and displayed on the display unit 34.

  As described above, in the security font system 1 according to the present embodiment, the security font generation device 10 first determines the embedded value u using the discrimination value c and the hash value h of the outfont data m. Next, the security font generation device 10 calculates an exclusive OR of the outfont data m and the embedded value u, and among the coordinate values of the vector data constituting the outfont data m, the start points xs and ys, The security font data ms is generated by embedding the embedded value u in the coordinate values of the end points xe and ye and / or the control points xc and yc.

  On the other hand, the security font authentication device 30 calculates the exclusive OR of the security font data ms ′ and the embedded value u ′, and generates outline font data m ′ that is the same as the original outline font data m. The character shape indicated by the outline font data m is restored. As a result, it is possible to improve the safety by preventing the outflow of text created using the outline font data m.

  In addition, since the embedding value u is embedded in the coordinate values of the straight control points xc and yc constituting the outline of the character and the straight line portion is changed to a curve, the shape of the character changes to an extent that cannot be recognized. As a result, it is possible to further prevent the outflow of text created using the outline font data m and further enhance the safety.

  Further, the security font authentication device 30 calculates the discrimination value cp using the judgment value c and the hash value h ′ of the outline font data m ′. Then, the security font authentication device 30 can authenticate whether or not the security font data ms ′ has been forged or falsified by determining whether or not the determination value c and the determination value cp match. Therefore, it is possible to improve the safety by preventing forgery / falsification of sentences.

  Further, since the security font data ms is created based on an electronic signature using elliptic curve cryptography, a document created using the security font data ms is more secure.

  In addition, this invention is not limited to the said embodiment, A various deformation | transformation and application are possible. Hereinafter, modifications of the above-described embodiment applicable to the present invention will be described.

  In the above embodiment, the outline font data has been described as an example of the content data. However, the present invention is not limited to this, and any content can be used as long as the content can be expressed by vector data. Not only characters but also still images, moving images, and voices can be expressed by vector data. May be.

  In the above embodiment, an example using elliptic curve cryptography for detecting forgery / falsification of content data has been described. However, the present invention is not limited to this, and RSA (Rivest-Shamir-Adleman) cryptography or Elgamal cryptography is used. Public key cryptography (asymmetric key cryptography) may be used. If the algorithm is such that only the key holder can decrypt the code by embedding encryption in the coordinate values of the start points xs and ys, the end points xe and ye, and / or the control points xc and yc of the outline font data m, AES (Advanced Encryption Common key encryption (symmetric key encryption) such as Standard) encryption and DES (Data Encryption Standard) encryption (preferably 3DES (Triple DES) encryption) can also be applied. As an example, a system that cannot correctly restore the character shape indicated by the original outline font data m even if a third party other than the key holder decrypts it, or a secret communication that is used by encrypting secret information and embedding it in the outline font data m Etc. are considered.

  In the above embodiment, when the discriminant value cp and the discriminant value c do not match, the control unit 33 displays the authentication result “invalid” on the display unit 34 together with the character having the shape indicated by the outline font data m ′. Explained as what to do. That is, the description has been made assuming that the character having a shape different from the character indicated by the original outline font data m is displayed on the display unit 34. However, the present invention is not limited to this, and when the discriminant value cp and the discriminant value c do not match, only the authentication result “invalid” is displayed, and the outline font data m ′ indicates You may make it not display the character of a shape.

  As described above, when the embedding value u is embedded in the least significant bits of the coordinate values of the straight line and / or the start point xs and ys of the curve and the end point xe and ye constituting the outline of the character, the shape of the character is It changes only to the extent that it is not noticed visually, or changes that are noticeable even if it is noticed. For this reason, when the discriminant value cp and the discriminant value c do not match, only the authentication result “invalid” is displayed, and the character having the shape indicated by the outline font data m ′ is not displayed. Therefore, it is possible to increase the safety by preventing the document created using this from being leaked. Furthermore, this makes it possible to perform high-speed display even when the processing capability of the security font authentication device 30 is weak.

  In the above embodiment, the description has been given assuming that the character having the shape indicated by the outline font data m ′ is displayed on the display unit 34. However, the present invention is not limited to this, and the output method of the character having the shape indicated by the outline font data m ′ is arbitrary, and the character having the shape indicated by the outline font data m ′ is predetermined by a general-purpose printing apparatus. It may be printed on a print medium.

  Furthermore, a string of characters may be quantified with relative coordinates in order to enhance safety. In this way, even if the security font data ms is decrypted, if the relative coordinates cannot be decrypted, for example, “Good morning” will fail to reproduce the series of “Good morning”. Can be strengthened.

  In the above embodiment, the programs executed by the CPUs of the control units 12, 23, and 33 are stored in advance in a ROM or the like. However, the present invention is not limited to this, and the security font generation apparatus according to the above-described embodiment can be applied by applying a program for executing the above-described processing to an existing general-purpose computer, a framework, a workstation, or the like. 10 may function as the web font server 20 and the security font authentication device 30.

  A method for providing such a program is arbitrary. For example, the program may be stored and distributed on a computer-readable recording medium (flexible disk, CD (Compact Disc) -ROM, DVD (Digital Versatile Disc) -ROM, etc.). Alternatively, the program may be stored in a storage on a network such as the Internet and provided by downloading it.

  Further, when the above processing is executed by sharing an OS (Operating System) and an application program, or by cooperation between the OS and the application program, only the application program may be stored in a recording medium or storage. It is also possible to superimpose a program on a carrier wave and distribute it via a network. For example, the program may be posted on a bulletin board (BBS: Bulletin Board System) on the network, and the program may be distributed via the network. Then, this program may be activated and executed in the same manner as other application programs under the control of the OS, so that the above processing can be executed.

DESCRIPTION OF SYMBOLS 1 Security font system 10 Security font production | generation apparatus 11 Memory | storage part 12 Control part 13 Communication part 20 Web font server 21 Communication part 22 Storage part 23 Control part 30 Security font authentication apparatus 31 Communication part 32 Storage part 33 Control part 34 Display part

Claims (3)

Content data processing for restoring the content indicated by the first content data from the second content data obtained by calculating the exclusive OR of the first content data representing the content as vector data and a predetermined embedded value A device,
An exclusive OR calculating means for restoring the content indicated by the first content data by calculating an exclusive OR of the second content data and the predetermined embedded value;
Content data authentication means for authenticating the second content data;
With
The predetermined embedding value is obtained using a first discrimination value and a hash value of the first content data,
The content data authentication means includes
A hash value calculating means for calculating a hash value of the exclusive OR calculated by the exclusive OR calculating means;
Second discriminant value calculating means for calculating a second discriminant value using the first discriminant value and the hash value of the exclusive OR calculated by the hash value calculator;
A match determination means for authenticating the second content data by determining whether or not the first determination value and the second determination value calculated by the second determination value calculation means match;
Including
The predetermined embedding value for which an exclusive OR between the first discriminating value and the first content data is calculated is c, the predetermined embedding value u, and the first content. The hash value of the data is h, the base point of the elliptic curve E on the finite field is G, the order of the base point G is n, the predetermined random value is k (1 ≦ k ≦ n−1), V = kG = ( xv, yv), where d (1 ≦ d ≦ n−1) is the secret key,
The second discriminant value calculating means calculates the predetermined embedded value u ′ for which an exclusive OR with the second content data is calculated, the hash value of the exclusive OR is h ′, and the public key is Q = dG, where the second discriminant value is cp, the second discriminant value is calculated according to the following formula 2.
A content data processing apparatus. The vector data includes coordinate values of control points of straight lines and / or curves constituting the content,
The second content data calculates an exclusive OR of the first content data and the predetermined embedding value, and embeds the predetermined embedding value in the coordinate value of the control point in the vector data. Obtained by
The content data processing apparatus according to claim 1, wherein: The vector data includes a coordinate value of a start point and a coordinate value of an end point of a straight line and / or a curve constituting the content,
The second content data is obtained by calculating an exclusive OR of the first content data and the predetermined embedding value, and adding the predetermined coordinate value of the start point and the end point of the vector data. Obtained by embedding the embedded value of
The content data processing apparatus according to claim 1, wherein the content data processing apparatus is a content data processing apparatus.