JPH03151738A - Verification data generating system - Google Patents

Abstract

PURPOSE:To detect the presence of forgery of file content and the forged part by splitting a file data, applying logical operation while deviating one by one bit compressed sentence generated to each of split file data. CONSTITUTION:A message 303 for an object of verification, a verification data generating program 304, a verification program 305 and a hash function 306 are stored in a memory 302 in a computer and a CPU 301 uses the data to generate and verify a verification data. A message M being an object for generating the verification data is decided into (n) as M(i)(i=0...n), and a partial compression sentence HI(i)(p-bit) is generated with respect to the M(i) by using the hash function (h). The generated partial compression sentences HI(i) are deviated one by one bit to obtain exclusive OR and the result is used for the verification data HI in (p+n-1) bits. That is, the exclusive OR between the 2nd bit data of the HI(1) and the 1st bit data of the HI(2) is the 2nd bit data of the verification data.

Description

DETAILED DESCRIPTION OF THE INVENTION [Field of Industrial Application] The present invention relates to a data generation method for verifying electronic files.

[Conventional technology]

As the use and storage of electronic data becomes more popular, technology to authenticate the validity of files becomes increasingly important. The technique of expressing the contents of a file using compressed text is one of the effective techniques for checking the contents of a file. This is a technology that compresses a large amount of file data using a hash function to create an authenticator (compressed text) approximately 64 bits long. If the contents of the file data change even by one bit, a completely different compressed sentence will be generated, making it possible to detect whether or not the data has been tampered with. An electronic seal has been proposed that applies public key cryptography to this technology to ensure the security of the electronic transactions described above.

[Problem to be solved by the invention]

However, it is possible to detect whether or not there has been tampering (5). However, it is not possible to detect tampered parts.

In order to deal with this problem, an improvement plan was devised (Japanese Patent Application No. 321220/1982). This system stratifies files, generates and saves compressed text for each layered file data, and detects tampering at a later date. However, this method has the disadvantage that the amount of information to be stored increases because each compressed sentence is stored.

[Means to solve the problem]

We devised a verification data generation method for the above problem.

This involves dividing the file data, shifting the compressed sentences created for each divided file data one by one, and performing a logical operation. Alternatively, in order to improve the detection probability, each compressed sentence is divided into two, optimally arranged, and a logical operation is performed on each rearranged compressed sentence.

[Effect]

The technical measures described above produce the following effects.

1. After generating the file verification data (ex, 416 bits), it is possible to know if the file data has been tampered with (6).

2. The difference in verification data before and after file tampering makes it possible to detect the tampered position of file data with a high probability.

〔Example〕

Embodiments of the present invention are shown in FIGS. 1-9.

[Embodiment 1] FIGS. 1 to 4 show an example of a data generation method for verifying an electronic message M and a message tampering verification.

FIG. 1 is a flow diagram showing one method of generating verification data. FIG. 2 is a flow diagram illustrating one method for detecting message tampering.

FIG. 3 is an example of a computer that performs processing.

FIG. 4 shows an actual image of the verification data generation shown in FIG.

(7) In FIG. 3, a message 303 to be verified is stored in memory 302 on the computer. Verification data generation program 30
4. Verification program 305 and hash function 306
are stored, and the CPυ 301 uses these to generate and verify verification data. The verification data generation means is shown according to the steps (step) of the flow shown in FIG.

5tepl OO: Start gtepl O1: Set the name M of the message for which verification data is to be generated, divide the message into n pieces,
Let each be M(i) (i=o...n).

Also, the count i is set to O.

5tepl 02: If count i is i < n, proceed to 5step 103; if i≧n, proceed to 5step 107
Proceed to.

5tepl 03: Read message M(i).

5tepl O4: Generate part compressed sentence H1(i) (p bits) for M(i) using a hash function.

5tepl O5: Store part compression statement H1(i) in memory 30
Evacuate to 2-E.

(8) step O6: add 1 to i, 5step 102
Proceed to.

5tepl O7: Set the count to 1ti-0.

5tep], 08: If count i is i < n, proceed to 5step 109, if i≧n, proceed to 5tepl
Proceed to step 11.

5tepl O9: Created part compression sentence H1(i) to 1
Shift each bit bit by bit to find exclusive OR, and convert this to (p+
n-1) bit verification data H1.

In other words, the exclusive OR of the second bit of HI(1) and the first bit of HI(2) becomes the second bit of the verification data.

The exclusive OR of the 3rd bit of 1-11(1), the 2nd bit of HI(2), and the 1st bit of Hl(3) becomes the 3rd bit of the verification data.

5tepl 10: Add 1 to i, 5tepl O
Proceed to step 8.

5tepl 11: Output verification data HI.

5tepl 12: End.

Next, an example of verifying a force whose message M at the time of creating the verification data H1 and the current message M' are equivalent will be shown in accordance with the flowchart of FIG.

(9) step 200: Start 5 step 201: Already generated verification data H of M
Enter 1.

5tep202: For the message M" to be verified, generate verification data according to 5tep 100 to 5tepl 12, and set this as Hl".

5tep203: Compare the verification data H1 and )I I', and detect a mismatched portion. If it matches, 5te
The process proceeds to step p204, and if they do not match, the process proceeds to step ρ205.Step 204: It is determined that messages M and M# are the same, and the process proceeds to step 5207.

5step 205: It is determined that messages M and M" are not the same.

5tep206: Detect the tampered part of the message M' from the detected position of the mismatched part.

For example, in Figure 4, if Hl and HI' are compared, if the position of dH is affected, Hl(3) and Hl
”It is obvious that (3) does not match, and as a result, it can be seen (]O) that M(3) has been tampered with.

5 step 207: End.

[Embodiment 2] FIGS. 5 to 8 show a method for generating verification data for an electronic message M and another example for verifying data tampering.

FIG. 5 is a flow diagram showing one method of generating verification data. FIG. 6 is a flow diagram illustrating one method for detecting message tampering.

FIG. 7 and FIG. 8 show an actual image of generation of verification data.

In FIG. 5, FIG. 7, and FIG. 8, the procedure for generating verification data is shown.

The message M is divided into n pieces, a p-bit partially compressed sentence is generated for each divided message, the partially compressed sentence is divided into S pieces, and the pieces are rearranged to generate verification data.

At this time, in order to increase the dispersion in rearrangement, for example, n
, s, and p are set so that the following relational expression holds.

n>(2p/s-1)2 (11) Here, file M is divided into 26 parts, each part compressed sentence to be created is 6 bits 1~, and each part compressed sentence is divided into two and replayed. Deploy. The verification data generated from each part compressed sentence is 31 bits.

5step500: Start step, p501: Set each name M of the message to be the target of verification data generation, divide the message into 26 pieces, and divide each into M(i) (i=1.2...26 ). Also, the count j is set to O.

5tep502: If count j is i x 26, 5t
The process advances to step 503, and if i≧26, the process advances to step 507.

5step 503: Read M(i).

5tep504: Create a partial compression sentence H1l(i) (6 bits) for M(i) using a hash function.

5tep505: Store part compression sentence H1l(i) in memory 3
02.

5tep506: Add 1 to i and proceed to 5tep501.

step 507: Set count i to O.

(12) Step 508: If count i is 26, then 5t
Proceed to ep509, and if i≧26, proceed to 5tep512.

5step509: Created part compression sentence HI [(i)(
HII the left 3 bits of i=1, 2...26)
(i)L, and the right three bits are H(i)R.

HII' (i) L = HII (i) L
(i = 1, 2...26).

H■' (i)R=Hn(,1)R(i =1.2・
...26) and rearrange j according to the following rules.

(1) 1≦j≦26, (2) H■(j)R#HII' (p) R(p<j), (3) Hn' (i) HIE' affected by R
(k) R (i-2≦k<i+i<k≦i+2) is H
Hll(f)R(,i
-2≦f<j, j<f≦J+2), but (4) HI
f (,j)L influences H1l' (m)R(
j-5≦m≦j-1), HII'(i)L does not affect Hll(n)R (i+1≦n≦i+4).

5tep510: Created part compression sentence H'II(i)
is shifted by 1 pixel to obtain an exclusive OR, and this is set as (p+n-1) bit verification data H■. In other words, the exclusive OR of the second bit of HIE' (1) and the first bit of H11' (2) becomes the second bit of the verification data. The third bit of HII' (1) and HII' (
The exclusive OR of the second bit of 2) and the first bit of Hn' (3) becomes the third bit of the verification data.

step ρ511: Add 1 to i and proceed to step 508.

5tep512: Output the verification data Hll.

5 step 513: End.

FIG. 7 shows an example of verification data generated according to the above procedure.

Next, an example of verifying whether the message M at the time of creating the verification data HII described in -1; and the message M' at the present time is equivalent will be shown according to the flowchart of FIG.

5tep600: Start 5tep601: Already generated verification data H of M
Enter II.

(13) (14) 5tep602: Regarding the message M" that is the subject of verification, according to 5tep500 to 5tep513,
The same type of rearrangement as that used to generate the verification data H1l is performed to generate verification data for the message M", which is designated as HII".

5tep603: Compare the verification data H1l and H1l', and if they match, proceed to 5tep604; if they do not match, proceed to 5tep605.

step ρ604: It is determined that the messages M and M' are the same, and the process proceeds to step ρ607.

step ρ605: It is determined that messages M and M# are not the same.

steρ606: Compare tampering detection compressed text H and HII'' before and after file data tampering. If M(5) is tampered with, D
1 and D2 do not match.

Therefore, the following judgment can be made from the configuration of the tampered part.

Tampered part = D1nD2 = (Hn (3) LUHn (4) LUHII (5) LLI
HII (6) LUHII (7)) L (15) tJ (841 (7) RUHII (10) RUHII (
13)RUHII(16)R)(Hn(17)LLJH
n(18)LLIHI[(19)LUHTI(20)L
LJH (21)) LU (Hll (23) RUHII (
26) RLIHII (5) RUI old 1 (1) RLJI old 1 (11) R) = H (5) It is possible to detect that M (5) has been tampered with.

However, n here is a logical product, meaning that L and R are a pair. 5step 607: End.

[Modification 1] Example 1. In the generation of test NiE data in Example 2,
The same function can be achieved even if each generated part compressed sentence is processed by logical operations other than exclusive OR (logical sum, logical product, etc.).

[Modification 2] Example 1. In the verification data generation of Example 2, the same function can be achieved even if the compressed sentences of each generated part are shifted by m (1≦m≦p) bits and logical operation processing is performed (m is often The more verification data is retained, the more the probability of detecting a tampered position increases).

[Variation 3] In the second embodiment, each compressed sentence of the divided portion is divided into three or more parts. For example, if HII is divided into three parts, HnL (
i), I(nM(j), HnR(i)(i=1°2...
n), and Hn' (i)L=HIl(i)L(i=1.2-・=
26).

H1l' (i) M=HII(j) R(i=1.2...
...26) Toshi 1. Rearrange the objects according to the following rules.

(1) 1≦j≦26, (2) 1≦≦26, and H1l' (j) For k that exists in the range where M influences, HIT'(,j)
Let M≠HII' (k)M.

Also, H1l' (i)R,=HIII(j)R(i=
1.2...26) and rearrange j according to the following rules.

(1) 1≦j≦26, (2) 1≦≦26, and for k existing in the range where HI[' (j)R affects (17), Hn'(j)R≠ H
Let n' (k)R.

It is also possible to calculate the exclusive OR by shifting the rearranged part compressed sentence H'II(i) by one bit and use this as the (p+n1) bit verification data H11.

[Modification 4] Example 1. The verification data generation method generated in Example 2 is as follows:
It can be used for electronic sealing in electronic transaction authentication.

5tep 911: Divide the transaction record 900 into 353 parts, create a compressed sentence (64 bits) for each part, and create a compressed sentence 903 (416 bits) for detecting a tampered part.
, or create by 2.

5tep912: Compressed sentence 902 (h
(M) ).

5Lep913: (Status data 904 such as time of compressed text 90211 tampered part detection compressed text 9031132 bits) as electronic manuscript text (512 bits) 901,
Perform cryptographic processing using public key cryptography.

(18) [Modification 5] Example 1. The verification data generation method generated in Example 2 is as follows:
It can be used as an authenticator in file authentication.

[Modification 6] It is also possible to generate verification data and perform verification on an IC card.

[Modification 7] It is also possible to save the generated verification data in an IC card.

[Modification 8] In the second embodiment, when performing verification using verification data, it is possible to add probabilistic evaluation. In Example 2, Dl and D2 are affected due to the falsification of message M(5), but HIIL(5) and HIIR(10) have the highest probability of affecting Di. HIIL (19
), HII R(5), so the tampered site = D
1nD2 (19) = (HII(5)LUHII(10)R)(Hll(1
9) It can be verified that LUHII(5)R)=H(5).

This is effective for applications such as detecting tampered locations in multiple locations.

〔effect〕

In the present invention, when there is file division information and file compressed sentences before and after file tampering and compressed sentences for tampering detection can be generated, the following effects can be obtained.

1. Compressed text for detecting file tampering before tampering (ex,
416 bits) If the file data is tampered with after being generated, it is possible that

2. Based on tampering verification data before and after file tampering,
It becomes possible to detect the tampered position of file data with a considerable (20) probability.

[Brief explanation of the drawing]

Each figure shows an embodiment of the present invention. FIG. 1 is a flow diagram showing a method for generating verification data, FIG. 2 is a flow diagram showing a method for detecting message falsification, and FIG. FIG. 4 is an explanatory diagram showing an actual image of the verification data generation shown in FIG. 1, and FIG. 5 is a flow diagram showing another method of verification data generation.
Figure 6 is a flow diagram showing one method for detecting message falsification, Figures 7 and 8 are explanatory diagrams showing an actual image of the verification data generation in Figure 5, and Figure 9 is a flow diagram showing a method for detecting message falsification. FIG. 3 is an explanatory diagram of an embodiment in which the data generation method is applied to electronic seals. (21) Symbol open flat a-1,)1155('Oj) hehehehehehehehe-hetsudeaf hζtohe cram school, +sw (,'++ ((" ( -eh K -e = m = -cs 'c> -c
s': C: 2: :C: x: ≥ 2 and ℃ Ling JP-A-3 151738 (11)

Claims (1)

[Claims] 1. In a data generation method for verifying an electronic message M, the message M is divided into n pieces, and M=M(1)||M(
2)｜｜…｜｜M(i)｜｜…｜｜M(n),
The divided n messages M(i) (i=1, 2...
n), a p-bit compressed sentence H(i) (H(i)=h(M(i)))(i=1, 2...
...n) and convert the compressed sentence H(i) (i=1, 2...n) into m bits (1
A logical operation was performed by shifting by ≦m≦p (p+m(n
-1)) A verification data creation method characterized in that bit data is used as verification data H corresponding to the message M. 2. In a data generation method for verifying an electronic message M, the message M is divided into n pieces, and M=M(1)||M(
2)｜｜…｜｜M(i)｜｜…｜｜M(n),
The divided n messages M(i) (i=1, 2...
n'', a p-bit compressed sentence H(i) (H(i)=h(M(i)))(i=1, 2...
...n), and the left half of the H(i) (i=1, 2...n) as H(i)L
(i=1, 2...n), the right half is H(i)R (i=1,
2...n), H'(i)L=H(j)L(1≦j≦n, and H'(
j) H(i
) L is rearranged to generate H'(i)L (i=1, 2...n), H'(i)R=H(j)R is 1≦j≦n, and H'
(j) R≠H'(p) R(p<i) and H'(f)
R(i-2≦f<i, i<f≦i+2)≠H(k)R(
j-2≦k<j, j<k≦j+2), and H'(m)R(j-5≦m≦j-1)≠H(n)R(i
Generate H'(i)R (i=1, 2...n) by rearranging H(i)R so that +1≦n≦i+5), and use the rearranged result as H'(i) (i=1, 2...n), and (p+m(n-1)) bit data obtained by shifting the H'(i) (i=1, 2...n) by m bits and performing a logical operation. A verification data creation method characterized in that the above message M and corresponding verification data H' are set as verification data H'. 3. In the verification data generation method according to claim 2, the created p-bit part compressed sentence H(i) (i=1, 2...
...n) into s (common divisor of p, s≠1, 2, p),
H(i)(1), H(i)(2), ......H(i)(r
),...H(i)(s)(i=1,2...n), H'(i)(1)=H(j)(1)(1≦j≦n, and H ′(j)(1)L≠H′(p)(1)(p<i))
H′(i)( which rearranges H(i)(1) so that
1) Generate (i=1, 2...n), and for r with 1<r≦s, (1≦x≦n), H′(i)(r) affects p bits. For x existing in the range, set H(i) so that H'(i)(r)≠H(x)(r)
)(r) rearranged H(i)'(r) (i=1, 2...
...n), and the rearranged result is H'(i) (i=1, 2...n). 4. The verification data generation method according to claim 2 or 3, in which the relational expression n>(2p/s-1)^2 holds true for messages divided into n pieces. 5. A file authentication method characterized in that the verification data according to any one of claims 1 to 4 is added to the compressed text of the file M. 6. The data obtained by adding status data such as time to the compressed text of the file according to any one of claims 1 to 5 is cryptographically processed using public key cryptography using a private key of public key cryptography, and this is An electronic sealing method characterized in that the file is used as authentication data.