JPWO2009148119A1 - Information processing system - Google Patents

Abstract

Prevent leakage of information through leaked electromagnetic waves when transmitting information using an image display device. When transmitting / receiving a certain image I, the sender S of the image I adds or subtracts an unpredictable numerical value from the image I to the outside instead of transmitting the image I to the receiver R of the image I. The image I ′ obtained by is transmitted. The receiver R restores and displays the image I from the image I ′ using an unpredictable numerical sequence agreed with the sender S in advance.

Description

  The present invention relates to an information processing system and, for example, relates to a technique related to measures against various information leaks such as TEMPEST.

  Various electrical devices that require calculation and control, such as small embedded microcomputers, central processing units (CPUs) mounted on personal computers and servers, are configured with many transistors with high functionality. It has become. The transistor is operating by applying power. In addition, power consumption during operation tends to increase as the operating speed (clock speed) increases. For example, the through current generated during switching of a CMOS inverter tends to increase as the clock speed increases. The through current flows from the power source to the ground line. Electromagnetic waves are radiated by changing the current of the grounding wire using the grounding wiring as an antenna. The greater the amount of change in current, the stronger the radiated electromagnetic wave. Such an electromagnetic wave generated unintentionally is called a leaked electromagnetic wave.

  The transistor groups are connected to each other by wiring extending in a semiconductor integrated circuit (IC). As a wiring material, metals such as copper and aluminum are generally used. When electrons pass through the wiring, the magnetic field and electric field around the wiring change due to the temporal change in the amount of passing electrons. The wiring is not only closed inside the IC.

  Some of the information transmitted on the wiring (which is often binary information corresponding to 0 or 1) is transmitted to the outside from the circuit that is compactly integrated into a chip, or transmitted from the outside. Come on. Here, the term “outside” refers to the outside as viewed in units of chips, or the outside as viewed in units of a certain functional module, and may not necessarily be physically outside the IC chip. This is because a technology such as SoC (System on Chip) in which a plurality of functions such as a computer and a memory device are integrated into one chip is also used. A technique of attaching electrode pads to each other instead of connecting the chips with explicit wiring has been developed, and the inner and outer boundaries of the IC chip are not always clear. Nevertheless, information is exchanged through wiring that connects a plurality of functional modules.

  In a general logic circuit in which the voltage is regarded as 1 if the voltage is equal to or higher than a certain threshold value, and is regarded as 0 if the voltage is less than the threshold value, it is important that the voltage is maintained on the signal transmitting side and the receiving side. The longer the distance from the signal transmitting side to the signal receiving side that is the voltage measuring side, the more the voltage drops due to the electrical resistance in the midway wiring. Therefore, the longer the wiring length for transmitting a signal, the higher the voltage of the signal on the transmission side is, so that the signal does not attenuate across the threshold in the middle. Obviously, in this case, the potential difference between when 1 is transmitted and when 0 is transmitted is significantly different. The greater the change in voltage per unit time, the greater the change in the electric field generated around it. Similarly, since a change in current occurs during switching, a change in magnetic field also occurs. In this way, an electromagnetic wave corresponding to the change in voltage is generated. That is, the transmission information corresponding to the change in voltage can be indirectly known by observing the change in the magnetic field or electric field generated around the wiring. In order to cope with the voltage drop in the wiring path, a method of boosting by installing an amplifier or the like in the middle is also used. Even in this case, it is the same that there is a correlation between the voltage fluctuation and the information to be transmitted.

  In a device that has been reduced in size and reduced in power consumption, the voltage required is small because the wiring length is short, and as a result of the phenomenon described above, changes in the magnetic field and electric field generated during operation are also small. In addition, electromagnetic waves generated when an information terminal such as a computer operates are controlled to reduce the intensity by conforming to standards such as VCCI. Nevertheless, it is possible to intercept faint electromagnetic waves by using a high-performance antenna or receiver.

  The intercepted electromagnetic wave includes information related to the operation status of the information terminal, represented by transmitted data. Therefore, if the intercepted information is analyzed appropriately, it is possible to read information about the keystroke content of the keyboard and the display content on the monitor.

  Since a monitor used for a personal computer or the like is also composed of a transistor and operates, an electromagnetic wave corresponding to the operating state is generated from the monitor 101 and the wiring 105 between the main body and the monitor 101 as shown in FIG. is doing. In general, the generated electromagnetic wave is weak, but can be intercepted by using the high-performance antenna 102 and the high-performance receiver 103. By analyzing and displaying the intercept result on the monitor 104 for displaying the intercept result, a screen corresponding to the display content of the monitor 101 can be reproduced. For example, when the monitor 101 is an LCD monitor, electromagnetic waves from the wiring 105 are more problematic than the monitor 101.

  In addition to electromagnetic waves propagating in the air, there are also electromagnetic waves propagating through metal parts included in the power cable and various connection cables of the apparatus. For example, the level of the ground terminal may fluctuate due to voltage fluctuations that occur during signal transmission or through current that occurs due to transistor switching, and the fluctuations may propagate through the power cable of the apparatus. The electrical signal propagating in the metal has a smaller attenuation amount per unit distance than in the case of propagating in the air, and the rate of noise mixing is smaller, so that it is possible to intercept at a far distance.

As a countermeasure, as shown in Patent Document 1, a shield is applied to the wall of the building to suppress information interception outside the building, and to shield and absorb electromagnetic radiation in the housing of the device. The leakage electromagnetic wave is confined inside the apparatus. In addition to shielding, measures are taken such as reducing high-frequency leakage electromagnetic waves by attaching low-pass filter parts to the signal cable and generating jamming radio waves that interfere with interception of leaked electromagnetic waves.
JP-A-6-209180

  However, the technique for providing a shield as disclosed in Patent Document 1 only reduces the amount of electromagnetic waves and does not cut off the signal source. In addition, when a stronger measure is required due to the performance improvement of the interception device, it is necessary to redesign the building and the device, which requires a great deal of cost. Furthermore, even when disturbing radio waves are generated, the upper limit is determined by standards such as VCCI, so there is a limit to the amount of jamming radio waves that can be generated. Therefore, a sufficient effect is not necessarily obtained for the purpose of obstructing the interception of leaked electromagnetic waves.

  The present invention has been made in view of such a situation, and provides a technique for preventing leakage of an original display image due to leakage electromagnetic wave interception without using a shield or a jamming radio wave.

  In order to solve the above-mentioned problems, the present inventors have different information transmitted between authorized senders and receivers and information intercepted by an unauthorized third party through the leaked electromagnetic wave without eliminating the leaked electromagnetic wave itself. If information transmitted between legitimate senders and receivers cannot be estimated from information intercepted by a third party, the information transmission device is focused on being safe from interception of leaked electromagnetic waves.

  The present invention provides an information display device and an information display method in which image information is normally transmitted between authorized senders and receivers and is not normally transmitted to a third party who intercepts leaked electromagnetic waves. For this purpose, the image generation and display apparatus and the image generation and display method of the present invention are based on processing and transmitting a display image in a form in which the original state cannot be restored from information intercepted by a third party. Furthermore, in order to restore the original display image information by performing reverse processing on the transmitted display image in a circuit immediately before being displayed to the viewer, the leakage electromagnetic waves depending on the image information being transmitted are intercepted. But no useful information can be obtained.

  As a more specific scene, consider transmitting and receiving a certain image I between regular communicators. Instead of transmitting the image I to the receiver R of the image I, the sender S of the image I transmits the image I ′ obtained by adding or subtracting an unpredictable numerical value from the image I to the outside. . Here, the unpredictable numerical value is generated by a pseudo-random number generator that the sender S and the receiver R agree to use in advance. That is, for example, the initial value of a pseudorandom number generator configured using a linear feedback shift register is determined in advance or agreed prior to transmission of image information, and is normally transmitted when an image is transmitted. By synchronizing the pseudo-random number generator based on the synchronization signal indicating the position of the leading pixel, the sender S and the receiver R can transmit each information without performing special information transmission other than the image I ′. The same numerical value can be shared for the pixel value of the coordinates.

  Generally, pixel information of each coordinate of an image to be transmitted / received is composed of 8 bits for each of red, green, and blue (RGB) and a total of 24 bits. Further, in a generally used VGA signal line, each color of RGB is independently expressed by a voltage value of 256 levels and transmitted. Since pixel information is handled digitally inside the computer, it is returned to analog data using a digital-analog converter at the stage of sending it to the VGA signal line, and sampled at a sufficient speed on the receiving side. Analog data is reconverted to digital data using an analog-to-digital converter. When a conventional cathode ray tube monitor (CRT) is used, it is not always necessary to convert analog data into digital data. However, in various display devices such as a liquid crystal monitor (LCD) which is mainly used in recent years, the display device has an internal structure. In general, digital signal processing is performed, and re-conversion to digital data is essential.

  Therefore, in the information display device of the present invention, the image information transmitted through the signal line is encrypted, thereby eliminating the correlation between the display image and the transmission information and observing the leaked electromagnetic wave depending on the transmission information. Prevent information about display images from being obtained.

  By the way, when information transmission using multi-gradation voltages such as 256 levels is performed, transmission is caused by signal attenuation according to the cable length, noise from the outside, synchronization deviation between the transmission side and the reception side, and the like. There may be several steps of voltage difference between the receiving side and the receiving side. In such a case, when a method of performing an exclusive OR process on a pixel value and a random number value as in the HDCP (High-bandwidth Digital Content Protection System) standard is used, normal decoding is performed on the receiving side. Can not be. This will be described with reference to FIG.

  FIG. 15 shows logical encryption of an image 1501 to be transmitted (assuming to be displayed on a display device) and a result image (1502 and 1503) when an error occurs when the image is encrypted and transmitted. And arithmetic encryption. More specifically, assuming that the generated image is analog-transmitted, the generated image is logically encrypted or arithmetically encrypted, and a simulation is performed assuming that a change in value of up to ± 10 gradations due to a sampling error or the like occurs in the middle. It is the result of having performed. The lower part (1504, 1505, 1506) in FIG. 15 shows an enlarged view of a part of the upper part image (1501, 1502, 1503).

  Particularly noteworthy in FIG. 15 is an image 1502 showing the effect of an error during transmission when logical encryption is performed. It can be seen that the pixel values are visually different from the generated image 1501 at a plurality of coordinates. Thus, it can be seen that logical encryption is more affected by errors than arithmetic (addition / subtraction) encryption.

  When the pixel value of the coordinate (x, y) of the original image is represented as p (x, y) and the random value corresponding to the coordinate is represented as r (x, y), the logical encryption is the encryption result p ′. In this encryption method, (x, y) is calculated as p ′ (x, y) = p (x, y) xor r (x, y). The operator xor means exclusive OR. During transmission of the encryption result p ′ (x, y), an unpredictable value ε (ε is −c <ε <c for a certain small value c) is added due to an error during transmission. When the result is expressed as p ″ (x, y), the decoding result q (x, y) on the receiving side is q (x, y) = p ″ (x, y) xor r (x , Y).

  FIG. 15 shows a decoding result q (x, y) obtained by generating r (x, y) as a uniform random number between 0 and 255 and generating ε uniformly when c = 10. It is a thing. Under the influence of ε, the image on the receiving side is greatly deteriorated.

  This is because the processing order of exclusive OR and addition / subtraction is not interchangeable. Since (((A xor B) + ε) xor B) ≠ A + ε, the decoding result is corrupted due to the influence of the noise component ε. An example of the failure of logical encryption will be described using specific numerical examples.

  For example, it is assumed that the pixel value p (x, y) = 220 and the numerical value r (x, y) = 20, and an error in which the value changes by −1 occurs during transmission. Encryption result p ′ (x, y) = p (x, y) xor r (x, y) = 200, and p ″ (x, y) = 199 due to an error. When this is decoded, q (x, y) = p ″ (x, y) xor r (x, y) = 199xor 20 = 211. An error of one gradation has expanded to a shift of nine gradations. As described above, when logical encryption is used, even a slight error during transmission greatly affects the result.

On the other hand, if arithmetic (addition / subtraction) encryption is used as in the present invention, the influence of transmission errors does not increase. The arithmetic encryption referred to in this specification is, for example, calculating the encryption result p ′ (x, y) as p ′ (x, y) = (p (x, y) + r (x, y)) modz. This is an encryption method. Decoding is calculated as (p ′ (x, y) −r (x, y)) modz, and the result is equal to p (x, y). Said z should just be a value larger than the maximum value of p (x, y) and r (x, y). In the case of transmitting and receiving by dividing the pixel into 8-bit RGB, as z = 2 ^8, it is sufficient to compute the pixel values for each color independently. If r (x, y) is a uniform random number between 0 and 255, no information about the pixel value p (x, y) of the original image can be obtained from p ′ (x, y) alone. .

  Here, when z = 256 and the above numerical example is used, p ′ (x, y) = (p (x, y) + r (x, y)) mod 256 = 240, and the result p of the transmission error p '' (X, y) = 239. The decryption result is q (x, y) = (p ″ (x, y) −r (x, y)) mod 256 = 219, and the error during transmission does not expand even when compared with logical encryption. I understand that.

  From the above, at the time of analog transmission in which an arithmetic error occurs, logical encryption cannot be used, and it is necessary to use arithmetic encryption as in the present invention.

  Arithmetic encryption is also effective for image processing inside a display device in recent years. As a typical example, an image luminance change process in a liquid crystal monitor will be described. There are two methods for changing the brightness of an image in a liquid crystal monitor. One is a method of adjusting the brightness of the backlight of the liquid crystal. Since the influence of the backlight extends over the entire display surface, it cannot be used for brightness adjustment in pixel units. The other is a method of changing the pixel value. The pixel value is increased to increase the brightness, and the pixel value is decreased to decrease the brightness. At this time, as described above, since the processing order of the logical operation and the arithmetic operation cannot be exchanged for the pixel value encoded using the logical encryption, the pixel value is increased or decreased as it is. I can't. For this reason, it is conceivable that the encrypted data is once decrypted and then re-encrypted by adding and subtracting the pixel value. However, in this case, the original pixel appears as digital data in a storage element on the substrate of the display device. This is not preferable because a leakage electromagnetic wave depending on the original pixel is generated.

  If arithmetic encryption is used as in the present invention, the luminance can be changed while maintaining the encoding state. In this case, addition / subtraction must be performed by modz.

  That is, an information processing system according to the present invention is an information processing system including an image generation device that generates an image and a display device that displays an image sent from the image generation device via a transmission path. Here, the image generation apparatus includes an encryption unit that encrypts an image by addition / subtraction encryption and generates an encrypted image, and an output unit that outputs the encrypted image to the transmission path. The display device also includes an input unit that receives the encrypted image, a decryption unit that decrypts the encrypted image using an inverse function of the function used in addition / subtraction encryption, and the decrypted image is displayed on the screen. A display unit.

  The image generation apparatus further includes a first pseudo random number generation unit that generates pseudo random numbers, and the encryption unit encrypts the image using the pseudo random numbers generated by the first pseudo random number generation unit. . The display device further includes a second pseudo random number generation unit that generates the same pseudo random number as the pseudo random number generated by the first pseudo random number generation unit, and the decoding unit includes the second pseudo random number generation unit. The encrypted image is decrypted using the pseudo-random number generated by the above. Furthermore, the image generation apparatus includes a clock generation unit that generates a synchronization signal. In this case, the output unit outputs the synchronization signal to the transmission path, and the first and second pseudorandom number generation units include the synchronization signal. Initialized in synchronization with Furthermore, the image generation apparatus includes an initialization unit that gives an initial value to the first pseudo-random number generation unit. In this case, the output unit outputs the initial value together with the synchronization signal, and the second pseudo-random number generation unit Generates a pseudo-random number using the initial value.

  The encryption unit performs an encryption process by calculating (X + Y) mod Z, where X is the output value of the first pseudo-random number generator and Y is the image with respect to the predetermined value Z, and the decryption unit If the output value of the pseudorandom number generator 2 is X and the encrypted image is W, (W−X) modZ is calculated to perform the decryption process.

  The display device further includes a display image processing unit that performs predetermined image processing on the encrypted image while maintaining the encryption state. In this case, the decryption unit is subjected to predetermined image processing. Decrypt the encrypted image.

  An information processing system according to another aspect of the present invention includes an image generation device that generates an image and a display device that displays the image transmitted from the image generation device via a transmission path. Here, the image generation apparatus executes a first encryption process on the image and generates a first encrypted image, and an output unit that outputs the first encrypted image to the transmission path And having. In addition, the display device performs the second encryption process directly on the input unit that receives the first encrypted image without decrypting the first encrypted image, and displays the second encrypted image as a second encrypted image. An encryption state conversion unit to be generated, a decryption unit that decrypts the second encrypted image, and a display unit that displays the decrypted image on the screen. The first encryption process is a logical encryption process, and the second encryption process is an addition / subtraction encryption process.

  Furthermore, an information processing system according to another aspect of the present invention includes an image generation device that generates an image, an image encryption device that encrypts an image and outputs an encrypted image to a transmission path, and a transmission path. A display device that decrypts and displays the encrypted image sent from the image encryption device. Here, the image generation device includes a first output unit that outputs the generated image to the image encryption device. The image encryption apparatus encrypts an image by addition / subtraction encryption using a first input unit that receives an image from a first output unit, a first pseudo-random number generation unit that generates a pseudo-random number, and a pseudo-random number. And an encryption unit that generates an encrypted image and a second output unit that outputs the encrypted image to a transmission path. The display device uses the input unit that receives the encrypted image, the second pseudo-random number generation unit that generates the same pseudo-random number generated by the first pseudo-random number, and the pseudo-random number, A decrypting unit that decrypts the encrypted image using an inverse function of the function used in the addition / subtraction encryption; and a display unit that displays the decrypted image on the screen.

  An information processing system according to another aspect of the present invention includes an image generation apparatus that generates a first encrypted image by a first encryption process, and converts the first encrypted image into a second encrypted image. Then, the first encrypted state conversion device that outputs to the transmission path, and the second encrypted image sent from the first encrypted state conversion device via the transmission path are converted into the first encrypted image. And a display device for displaying the first encrypted image after decryption processing by the decryption unit. In this case, the image generation device generates the first encrypted image using logical encryption, and the first encryption state conversion device converts the first encrypted image into the second addition / subtraction encrypted second Convert to encrypted image. Then, the decryption unit in the display device executes decryption processing using an inverse function of the function used for addition / subtraction encryption.

  Furthermore, an information processing system according to another aspect of the present invention includes an image generation device that generates an image, an image encryption device that encrypts an image and outputs an encrypted image to a transmission path, and the transmission path. An image decrypting device that decrypts the encrypted image sent from the image encrypting device, and a display device that displays the image decrypted by the image decrypting device. Here, the image generation device includes a first output unit that outputs the generated image to the image encryption device, and the image encryption device receives a first input unit that receives an image from the first output unit. A first pseudo-random number generation unit that generates a pseudo-random number, an encryption unit that encrypts an image by addition / subtraction encryption using the pseudo-random number, and generates an encrypted image, and transmits the encrypted image And a second output unit that outputs to the road. The image decryption apparatus uses an input unit that receives an encrypted image, a second pseudo random number generation unit that generates a pseudo random number that is the same as the pseudo random number generated by the first pseudo random number, and a pseudo random number. A decrypting unit that decrypts the encrypted image using an inverse function of the function used in the addition / subtraction encryption. Furthermore, the display device includes a display unit that displays the decoded image on the screen.

  Further features of the present invention will become apparent from the best mode for carrying out the present invention and the accompanying drawings.

  According to the present invention, it is possible to prevent leakage of an original display image due to interception of leaked electromagnetic waves without using a shield or jamming radio waves.

It is a figure which shows the structure of the apparatus which intercepts and analyzes leaked electromagnetic waves. It is a figure which shows schematic structure (1) of the computer used as interception object. It is a figure which shows schematic structure (2) of the computer used as interception object. It is a figure which shows schematic structure of ATM as an intercept object. It is a figure which shows schematic structure of the image generation display apparatus which encrypts at the time of image generation by 1st Embodiment. It is a figure which shows schematic structure of the image production | generation display apparatus provided with the initialization apparatus by 3rd Embodiment. It is a figure which shows schematic structure of the image production | generation display apparatus which performs encryption at the time of the image output by 4th Embodiment. It is a figure which shows schematic structure of the image production | generation display apparatus provided with the display image processing apparatus by 5th Embodiment. It is a figure which shows schematic structure of the image production | generation display apparatus provided with the encryption state conversion apparatus by 6th Embodiment. It is a figure which shows schematic structure of the image production | generation display apparatus provided with the independent image encryption apparatus by 7th Embodiment. It is a figure which shows schematic structure of the image production | generation display apparatus provided with the independent encryption state conversion apparatus by 8th Embodiment. It is a figure which shows schematic structure of the image production | generation display apparatus provided with the independent encryption apparatus and decryption apparatus by 9th Embodiment. It is an external view which shows the example of a terminal device provided with an image production | generation display apparatus. It is a figure which shows the external appearance structure of the image production | generation display apparatus by 9th Embodiment. It is a figure which shows the tolerance evaluation result to the error at the time of transmission of each encryption system. It is a figure which shows the difference between the production | generation image and transmission image in encryption.

  Hereinafter, embodiments of the present invention will be described with reference to the accompanying drawings. However, it should be noted that this embodiment is merely an example for realizing the present invention, and does not limit the technical scope of the present invention. In each drawing, the same reference numerals are assigned to common components.

  First, the basic configuration of a computer or ATM to which the present invention is applied will be described. Next, each embodiment related to a method of adding or subtracting a pseudo random number to each pixel value of a display image will be described.

<Basic configuration to which the present invention is applied>
The present invention provides an information display device for preventing information leakage due to interception of leaked electromagnetic waves, and assumes the exchange of image information between computers or between a computer and a monitor. As shown in FIG. 2, a general computer is a central processing unit CPU 201, a main storage RAM 202, and a secondary storage device HDD 206 (flash memory, CDROM, DVD, MO, FDD, USB memory). In some cases, the image processing apparatus includes a GPU 203 which is an image processing apparatus, and an I / O terminal 105 represented by an image output terminal and a network terminal. Each component of the apparatus is connected via a wiring 107 called an internal bus, and connection to a network or the like is made through an I / O terminal. The I / O terminal is used to connect to the R45 terminal, which is the Ethernet connection terminal, the R11 terminal, which is the connection terminal to the modem, the RS232C terminal for serial communication, the parallel terminal used for printer connection, and the keyboard and mouse. PS / 2 terminals, USB terminals that are universal connection terminals for various devices, SCSI terminals, connection terminals for microphones and earphones for voice input / output, and PCI for adding boards that provide expansion functions to computers A connection terminal, a VGA terminal for connecting to the external monitor 104, a DVI terminal, and the like are included.

  The GPU 203 is mainly used for speeding up 3D image processing, buffering of a plurality of screens, and the like, and the image processing of the present invention may be performed by the CPU 201. Since the GPU 203 itself has calculation capability, the GPU 203 may perform image processing. Further, the GPU 203 and the CPU 201 may share the image processing. In addition, image processing may be performed using an extension function board connected to a terminal for an extension function board such as a PCI terminal. The extended function board may be connected via a USB terminal or the like, and may be outside the computer casing.

  As shown in FIG. 3, in an apparatus that performs high-speed image processing, an I / O terminal 308 for monitor connection may be installed directly from the GPU 203. The I / O terminal 308 may be an output-only terminal that only outputs video, or may be an input / output compatible terminal that is assumed to be connected to a monitor having an input function such as a touch panel.

  The I / O terminal 308 provided in the GPU 203 is dedicated to video output, and input from a touch panel or the like may be connected to the I / O terminal 205 not via the GPU 203.

  When the processed image information is transmitted from the main body of the computer to the connected display device, the image information is decomposed and combined according to the VGA and DVI standards. The VGA decomposes the signal into RGB corresponding to the three primary colors and transmits it as an analog signal. At the same time, a vertical synchronization signal and a horizontal synchronization signal corresponding to the resolution and frame rate of the display screen are transmitted. On the monitor side, a dot clock (also called a pixel clock) is generated from the vertical synchronization signal and the horizontal synchronization signal, and appropriate pixel information is written in each coordinate according to the RGB signal. The RGB signal may be directly used for controlling a pixel drawing beam as in a CRT, or the RGB signal may be AD-converted and stored once in an internal buffer as in an LCD. In DVI, RGB signals are digitally decomposed and transmitted. A dot clock corresponding to the resolution and frame rate of the display screen is transmitted. In DVI, transmission can be performed with high precision so that errors during transmission can be ignored. Therefore, there is a standard for performing encryption. If encryption is used, there is no correlation between the true data transmitted and the data actually transmitted through the signal cable, so information leaked from the information transmitted through the signal cable can be used to infer the true data. Useless.

  In order to perform encryption, both the transmission side and the reception side of image data need to support the encryption standard. In DVI, unlike RGB, digital data is distributed to a plurality of signal lines and simultaneously transmitted in parallel. Therefore, the form of the generated electromagnetic wave is different from VGA. However, this is on the signal cable, and the data on the GPU or RAM that is buffering the display image is the same as the VGA, and once the transmission to the display device is completed, the encryption is released. Since the original data is restored, the data stored in the buffer of the display device is the same as the VGA. There is also a display device connected to a USB terminal. In this case, the display device is not necessarily decomposed into RGB signals and transmitted. In addition, a composite terminal may be used when displaying on a television monitor or the like. In this case, the image data is not represented by RGB but is represented by a luminance signal (Y) and a color signal (C), and is transmitted in a combined form of all the synchronization signals. In addition, Y and C may be transmitted separately as in a separate video terminal (S terminal). In addition, as in the case of the D terminal, the luminance signal (Y), the blue color difference signal (Cb / Pb), and the red color difference signal (Cr / Pr) may be separated. There is also an encrypted data transmission format such as HDCP that is digitized like an HDMI terminal and supports encryption at the time of data transmission.

  In the CRT monitor, the electron beam is irradiated from the upper left to the right according to the dot clock. The dot clock is a clock that determines the writing timing of one pixel in the horizontal direction. The electron beam moves to the right one pixel at a time according to the horizontal synchronizing signal, scans one line in the horizontal direction, and then returns to the left on the screen again. According to the vertical synchronizing signal, the electron beam moves downward line by line, scans to the bottom, and then returns to the top line. That is, the electron beam scans the entire screen from the upper left to the lower right by the horizontal synchronizing signal and the vertical synchronizing signal, and returns to the upper left again.

  On the other hand, the LCD monitor sequentially drives the transistors corresponding to the xy coordinates to write pixel values. In the case of an LCD monitor, since digital processing is possible, it is not always necessary to follow the order as in a CRT, and there is a method of rewriting line by line or a method of rewriting the entire screen at once. The CRT monitor is a method of emitting light for a short time by irradiating a fluorescent screen with an electron beam, and it is necessary to irradiate the electron beam again while there is afterglow. Since the LCD monitor can store pixel values, it may be necessary to recharge the charge of each pixel at a certain timing, but a method of rewriting only some of the coordinates that have changed is possible. Can be taken. This means that the movement of the transistor changes according to the change of the screen, so that the correspondence between the image data and the internal processing is more complicated in the LCD than in the CRT. In addition, the CRT monitor can have only one display surface, but since the LCD monitor has a transparent liquid crystal layer, it can have a plurality of display surfaces by providing a plurality of liquid crystal layers.

<ATM configuration>
FIG. 4 is a diagram showing the configuration of an ATM that is one of the implementation targets of the present invention. In FIG. 4, the control unit 406 corresponds to the CPU 203 and the internal bus 207 in FIGS. The control unit 406 may have its own RAM or HDD. The display unit 402 corresponds to the monitor 204, and the storage unit 407 corresponds to the HDD 206. In addition, the operation unit 403, the card reader unit 404, the deposit / withdrawal unit 405, the communication unit 408, the sensor unit 409, and the sound generation unit 410 correspond to the I / O 205 and 308. Therefore, in the case of ATM, the present invention prevents information leakage due to electromagnetic wave interception from the wiring between the control unit 406 and the display unit 402.

  The control unit 406 controls the display unit 402, the operation unit 403, the card reader unit 404, the deposit / withdrawal unit 405, the storage unit 407, the communication unit 408, the sensor unit 409, and the sound generation unit 410. The control unit 406 performs not only control of the entire ATM 401 but also processing such as card recognition, operator approach detection, and banknote handling.

  The display unit 402 displays service content guidance, processing procedures, and the like, and examples thereof include a CRT and a liquid crystal display. A display control device such as a GPU is also included in the display unit 402.

  The operation unit 403 is for inputting information from the user such as menu selection and password input, and examples include a keyboard and a touch panel. The card reader unit 404 is for reading information stored in a magnetic card or an IC card. The deposit / withdrawal unit 405 is for depositing / withdrawing banknotes for transactions such as insertion of banknotes for depositing and discharging banknotes for withdrawal. The storage unit 407 stores information for ATM processing, and examples include a hard disk and a memory. A program for operating the control unit 406, the communication unit 408, the sensor unit 409, and the like is stored in the storage unit 407.

  The communication unit 408 performs communication between the ATM 401 and an external computer or database through a line. An example of the sensor unit 409 is a human sensor that detects an operator's approach. The human sensor is a sensor whose main purpose is to detect whether a human, that is, an operator is present in a part close to the sensor by observing the generation state and reflection of infrared rays or the like. When the operator approaches a distance at which the ATM can be operated, the transaction service is started.

  The voice generation unit 410 includes a speaker for performing voice guidance for a person staying around the apparatus including the operator. A well-known method of using the sound generation unit 410 is to give an instruction for the next operation to the operator. The voice guidance can be further enhanced by linking with the display unit 402. For example, it is effective to display a video animation for inserting a cash card into the insertion slot on the display screen of the display unit 402 together with the voice guidance.

  The communication unit 408 is connected to a LAN or a telephone line so that data can be exchanged with a bank where an ATM is installed or an ATM management company. Here, the ATM management company is a company that performs ATM monitoring as mentioned in the subject of the present application, and constantly monitors a plurality of ATMs using a network-connected camera or the like. In the event that an ATM service should be stopped, a management company or a bank can send a service stop signal from the communication unit 408 to the control unit 406 of the ATM 401 via the network. In addition to 402 to 411, the ATM 401 includes other devices and processes such as a passbook printer.

  In the following embodiments, the present invention will be described in detail by taking an ATM device having the above-described configuration as an example.

<First Embodiment>
FIG. 5 is a diagram showing a schematic configuration of the image display apparatus according to the first embodiment of the present invention, and shows a basic configuration for encrypting transmission information by adjusting random numbers.

  The image generation display device of this embodiment includes an image generation device 501, a display device 502, and a transmission cable 509 connecting them.

  The image generation / output device 501 includes a display image generation device 503, an encryption device 504, a pseudo-random number generation device 505, an image storage device 506, an image output device 507, and a clock generation device 508. The display device 502 includes an image input device 510, a decryption device 511, a pseudo random number generation device 512, an image display device 513, and a clock conversion device 514. Note that a part of the image generation / display apparatus may be further provided with a CPU 515, a RAM 516, or the like in order to be built in a computer or simulated by software.

  In the image generation / display apparatus shown in FIG. 5, the encryption apparatus 504 receives the image generated by the display image generation apparatus 503 as an input image, and generates a transmission image generated by adding / subtracting the numerical sequence received from the pseudorandom number generation apparatus 505. Information is stored in the image storage device 506. The image output device 507 acquires transmission image information from the image storage device 506 and transmits an image to the display device 502 via the transmission cable 509.

  The image input device 510 of the display device 502 receives the image transmitted from the image generation / output device 501. The decryption device 511 decrypts the received image using the numerical sequence obtained from the internal pseudorandom number generation device 512. The image display device 513 displays the decoded image on the screen. The image display device 513 is a liquid crystal module using, for example, a method of controlling the backlight transmittance from behind using a liquid crystal element, and the light emitted from the image display device 513 is visually recognized by the user. .

  In a general computer, a display image generation device 503, an image storage device 506, an image output device 507, and a clock generation device 508 are integrated into a computer (corresponding to the image generation output device 501) as a graphic board. Often. In addition, the image generation / output device 501 of the present invention includes an encryption device and a pseudo-random number generation device.

  Here, for simplicity, a case will be described in which an image to be handled is an 8-bit gray image. The display image generation device 503 does not need to generate a new image at all times, and may store an image at the previous time in a built-in or separately provided storage device and retransmit it. The display image generation device 503 and the encryption device 504 are connected by an image input / output terminal. Alternatively, it is not always necessary to provide terminals, and since these devices do not need to be mounted in different packages, only the bus wiring may be used instead of the image input / output terminals.

The display image generation device 503 generates an image I to be displayed to the user and transmits it to the encryption device 504. The encryption device 504 also stores the result I ′ obtained by encrypting the image I in the image storage device 506 using the numerical sequence r _i (x, y) generated using the pseudo random number generation device 505. When the pixel value of the coordinates (x, y) of the image I is expressed as I (x, y), the encryption process is expressed as f (I (x, y), r _i (x, y)). . A specific example of the function f () will be described later. The image output device 507 transmits the image I ′ stored in the image storage device 506 and the clock generated by the clock generation device 508 to the display device 502 together. Here, the clock generated by the clock generation device 508 is a vertical synchronization signal, a horizontal synchronization signal, a dot clock, or the like that is generally used when displaying on a monitor, and the display device 501 is only part of them. However, it is not always necessary to generate all of them, and only necessary clocks are generated or transmitted. Of the transmitted image I ′ and clock information, the image I ′ is transmitted to the decoding device 511 and the clock information is transmitted to the clock conversion device 514.

  The clock conversion device 514 uses the received clock information to generate a clock that is actually used by the image display device 513. When receiving the image I ′, the decoding device 511 receives a numerical sequence from the pseudorandom number generation device 512, decodes the image I ′ using the numerical sequence, and sends the decoded image I ′ to the image display device 513. Here, a separate image storage device may be provided and temporarily recorded there, and then sent to the image display device 513.

When decrypting, a sequence of values r _i (x, y) obtained from the pseudo-random number generator 512 is used. Here, r _i (x, y) is a numerical value corresponding to the coordinates (x, y) of the i-th frame from the initialization point, and is, for example, a string of 8-bit values. If the image I ′ is an image having the size of XGA, 1024 × 768 = 307200 values are prepared. r _i (x, y) may be generated after the image I ′ is received, but a sufficient number of values may be generated and recorded in the storage device in advance. It is only necessary that the numerical sequence is generated in the same order as the pseudo random number generation device 505 used by the encryption device 504, and a plurality of pseudo random number generation devices may be provided in order to increase the processing speed. If the pixel value is 8 bits, the value supplied by the pseudorandom number generator takes a value between 0 and 255, and calculates the value as the pixel value of the corresponding coordinate of the image I ′, thereby obtaining the original image I. Get. Here, the calculation is a function g (I ′ (x, y) that receives an input image pixel value I ′ (x, y) of coordinates (x, y) and a value r _i (x, y) of the numerical sequence as inputs. This means that a decoded pixel value is obtained by calculating y), r _i (x, y)).

The encryption function f (A) can be, for example, a function that adds A with modular_z. That is, this is expressed as f (a, b) = (a + b) modz. As described above, z may be 256 (= 2 ⁸ ) when the pixel value is 8 bits. However, the size of z may be the same at the time of encryption and at the time of decryption, and may be arbitrarily set as long as it is larger than the maximum value of the pixel value and the output value of the pseudorandom number generator. The decryption function g (a, b) is an inverse function of f (a, b), and for f, g (a, b) = (ab) modz. Since the functions f and g are inverse functions of each other, the encryption function may be g and the decryption function may be f. Alternatively, the functions f and g may be replaced for each coordinate of the image to be processed.

  Although the pseudo random number generation device generates a value between 0 and 255, it may generate a value between -255 and 255. In this case, processing equivalent to replacing f and g for each coordinate can be performed simply by changing the setting of the pseudorandom number generator. Such a setting can be easily performed by causing the pseudo-random number generator to generate a 9-bit value and regarding 1 bit as a sign bit. The encryption function f () and the decryption function g () can be easily configured by using an adder and a comparator.

  FIG. 13 shows an example of a terminal incorporating the image generation / display apparatus of this embodiment. The terminal 1301 includes an image generation / output device 1304 and a display device 1302, and the image generation / output device 1304 and the display device 1302 are connected by a transmission cable 1303. The internal configuration of each device is as shown in FIG.

<Second Embodiment>
The image generation and display apparatus according to the second embodiment of the present invention employs the same configuration as that shown in FIG. 5, but relates to an example of displaying a color image.

  FIG. 16 shows a display image 1601 and a transmitted image 1602. Since the display image I and the transmission image information I ′ are configured to have no correlation, even if the information of the transmission image information I ′ is completely leaked, information about the display image I cannot be obtained. Although FIG. 16 shows a case of a gray image, since each RGB plane is similarly converted for a color image, information on a display image cannot be obtained even if a leakage electromagnetic wave is intercepted.

A general display device will be described in which when a color image is represented by 24 bits, information is transmitted after being decomposed into 8 bits for each of RGB. The display image generation device generates a display image and transmits the image to the encryption device. The encryption device decomposes each input 24-bit pixel value into three RGB planes and independently encrypts each plane. That is, when an input pixel value of coordinates (x, y) is expressed as I (x, y), I (x, y) is an RGB 3-plane I _R (x, y), I _G (8 bits each). x, y), I _B (x, y) and generate r _R (x, y), r _G (x, y), r _B (x, y) using a pseudo random number generator, Encryption result I ′ _R (x, y) = f (I _R (x, y), r _R (x, y)), I ′ _G (x, y) = f (I _G (x, y), r _G (x, y)), I ′ _B (x, y) = f (I _B (x, y), r _B (x, y)) is calculated. Here, the function f () is, for example, a function that calculates f (a, b) = (a + b) modz for two input values a and b and a certain value z.

It should be noted that if z is not a certain value (a value larger than a or b), it cannot be restored to the original value of a or b even if it is decoded using the mod operation. Therefore, the minimum value that z can take is set to a value that is one larger than the maximum value that can be taken as the input values a and b, or is a power of 2 that is larger than the maximum value that can be taken as the input values a and b. It is necessary to make it the smallest of these. If it is the latter, a high-speed process can be performed with a general computer.

In order to generate r _R (x, y), r _G (x, y), and r _B (x, y), for example, three different pseudorandom number generators are provided. The output of the first pseudorandom number generator is used to generate r _R (x, y), the output of the second pseudorandom number generator is used to generate r _G (x, y), The output of the third pseudorandom number generator is used to generate r _B (x, y). Alternatively, one pseudo-random number generator capable of generating 24 bits per unit time is provided, and the output result is expressed as r _R (x, y), r _G (x, y), r _B (x, y) by 8 bits. ) May be distributed. Here, the unit time is the time required to transmit one pixel. However, when the real time property is not required, the portion “per unit time” may be “per output (meaning that output may be performed in units of a plurality of pixels)”.

  The image encrypted by the encryption device is stored in the image storage device 506. The image output device 507 sequentially sends the image information stored in the image storage device 506 to the transmission cable 509. If the transmission cable 509 is an analog signal line such as VGA or DVI-A, DA conversion is performed at the time of transmission. The analog signal lines are connected in a one-to-one relationship, and the other terminal is connected to an image input device provided in the display device.

  The image input device 510 stores the data received through the transmission cable 509 in an internal buffer (not shown in FIG. 5). At this time, if the transmission cable 509 is an analog signal line, AD conversion is performed. The image information stored in the internal buffer is restored to the original image using the decoding device 511. At this time, the decryption device 511 uses the pseudo random number generation device 512 to generate a numerical sequence for decryption. The numerical sequence used here is synchronized with the pseudo-random number generator 512 used by the encryption device 504 so as to correspond to each coordinate of the received image.

  Further, as a means for obtaining synchronization, horizontal and vertical synchronizing signals representing the head pixel position of one screen are used. Conventionally, the horizontal and vertical synchronization signals are generally transmitted through the transmission cable 509, and it is not necessary to prepare a new wiring for transmitting the synchronization signal when implementing the method of the present invention.

  Also, in order to obtain the same numerical sequence at each coordinate, it is necessary to make the initial values the same between the pseudo random number generation device 505 for the encryption device 504 and the pseudo random number generation device 512 for the decryption device 511. There is. The initial value may be a fixed value in advance or may be different for each image. A method of setting a fixed value in advance is not necessarily preferable in terms of security because a pseudorandom number generation method and an initial value are known, so that a third party can generate the same pseudorandom number sequence. However, in the situation where an attacker cannot know the pixel value of the display image because the process of agreeing the initial value between the encryption device 504 and the decryption device 511 becomes unnecessary and the ease of implementation is improved. If so, it is very difficult to estimate the initial value, so that it can be effectively used in practice.

<Third Embodiment>
FIG. 6 shows an initialization for setting initial values of the pseudo random number generation device 505 used by the encryption device 504 and the pseudo random number generation device 512 used by the decryption device 511 in addition to the configuration shown in FIG. 1 shows a schematic configuration of an image generation and display device including a device 601.

  The initialization device 601 gives an initial value to the pseudorandom number generation device 505 at a certain timing. The set initial value is stored in the pseudo-random number generator 505 and used for the subsequent pseudo-random number generation. The generation start timing of the pseudo random number using the set initial value is synchronized with the vertical synchronization signal generated by the clock generation device 508, and is the time when the first vertical synchronization signal is generated after the initial value is set.

  The initial value given by the initialization device 601 is also set in the pseudo random number generation device 512 connected to the decryption device 511 through the image output device 507. The generation start timing of the pseudo random number generation device 512 connected to the decoding device 511 is synchronized with the vertical synchronization signal received by the image input device 510. If the first vertical synchronization signal after setting the initial value is set as the start timing, it can be synchronized with the pseudorandom number generation device 505 on the encryption device 504 side. Since the generation start timing of the pseudo random number using the set initial value is synchronized with the vertical synchronization signal, the initialization timing of the pseudo random number generation devices 505 and 512 can be arbitrarily set.

  Here, the initial value is transmitted through the image output device 507. However, in actual operation, the image information is always transmitted to the transmission cable 509, and it is difficult to secure the timing for transmitting the initial value separately. is there. A cable or wiring for initial value transmission may be provided, but transmission of the initial value is synchronized with a vertical synchronization signal or a horizontal synchronization signal, and several tens of pixels are continuous (for example) at a timing determined from the synchronization signal. A method of replacing the value of with an initial value may be used.

  In general, even if the pixel value of the display image changes slightly, it will not be recognized as a difference by the user viewing the display image, so it does not affect the quality of the display image and Thus, the initial value can be transmitted without performing new wiring. Instead of completely replacing the value with the initial value, a method of replacing some bits with the initial value may be used. For example, if only the lower bits are used for transmission of the initial value, the visual effect on the display image can be reduced. However, since a bit error occurs in the analog wiring, an error correction code is used to There is a need to encode the value. On the other hand, if only the upper bits are used, transmission with less influence of errors is possible. Of course, the initial value may be transmitted during a blank period in which display pixels are not transmitted. You may make it use the transmission method properly according to a condition. In this case, the pseudo random number generation device 512 included in the decryption device receives the initial value from the image input device 510 through the wiring 602.

<Fourth Embodiment>
FIG. 7 is a diagram showing a schematic configuration of an image generation and display apparatus according to the fourth embodiment of the present invention. The image generation / output device of the present embodiment is the same as the image generation / output device shown in FIG. 5 as components, but the arrangement thereof is different, and an encryption device 504 is provided after the image storage device 506.

  Since data on the image storage device 506 is often accessed from the CPU 515 or the like, if image information is stored in an encrypted state as in the configuration of FIG. 5, it must be decrypted each time it is read out. Therefore, when the processing speed is important, the configuration shown in FIG. 7 is used, and when an image is output by the image output device 507, encryption is performed in real time. This configuration also has the advantage of being easy to implement.

  The HDMI standard discloses a similar configuration using a logical encryption method and a digital transmission cable. However, in the present invention, the transmission cable 509 is an analog signal line, and the encryption device performs arithmetic encryption. Do. As already described, since data transmission using logical encryption on an analog signal line causes a failure of encryption, it is desirable to use the method of the present invention.

<Fifth Embodiment>
FIG. 8 is a diagram showing a schematic configuration of an image generation and display apparatus according to the fifth embodiment of the present invention. In addition to the configuration shown in FIG. 5, the image generation / display apparatus according to the present embodiment includes a display image processing apparatus 801 in front of the decoding apparatus 511 on the display apparatus side.

  Examples of image processing performed by the display image processing apparatus 801 include luminance modulation of an image. Depending on the brightness setting value input by the user from the operation panel of the display device 502, the entire or part of the image is displayed brightly or darkly. In the display device 502 of the present embodiment, the pixel value is increased, Or make it smaller. This processing is addition / subtraction or multiplication of numerical values, and cannot be performed while logical encryption is performed.

  However, in the image generation / output device 501 of the present invention, since the pixel value is arithmetically encrypted, the pixel value can be changed while maintaining the encryption state. In the case of performing luminance modulation using multiplication, it is also necessary to modulate the numerical sequence generated by the pseudo-random number generator using the same method.

<Sixth Embodiment>
FIG. 9 is a diagram showing a schematic configuration of an image generation and display apparatus according to the sixth embodiment of the present invention. In addition to the configuration of FIG. 5, the image generation / display apparatus of the present embodiment includes an encryption state conversion apparatus 901, a pseudo-random number generation apparatus 902, and an image input apparatus 510 on the display apparatus 502 side and a decryption apparatus 511. And a display image processing device 801.

  The encryption state conversion apparatus 901 performs the second encryption state (for example, addition / subtraction encryption) without decrypting the image in the first encryption state (for example, the logically encrypted state) into the original image. State). Here, the encryption state is a state where encryption is performed using a certain encryption algorithm.

  In a generally known stream encryption method, an exclusive OR operation is performed on a numerical string generated using a pseudo-random number generator and data to be encrypted. The HDCP standard encryption method also uses a method of performing an exclusive OR operation on a numerical sequence generated using a pseudo-random number generator combined with a feedback shift register and image data. In this specification, this method is called a logical encryption method.

  Since the logical encryption method is high-speed processing, it is a method suitable for encrypting high bit rate data such as an image. However, as described above, since logical encryption breaks down when data transmission is performed using an analog signal line (VGA), logical encryption cannot be used.

  However, in order to perform arithmetic processing such as luminance value conversion, it is necessary to cancel the logical encryption once, perform the processing, and then encrypt again.

  In the present embodiment, the encryption state conversion device 901 on the display device 502 side converts the logical encryption state into the arithmetic encryption state without decryption immediately before performing data transmission using the analog signal line. Also, when performing arithmetic processing such as luminance value conversion, the encryption state conversion device 901 is used to convert the encryption state from the logical encryption state to the arithmetic encryption state. The arithmetically encrypted image information may be transmitted as it is, and decrypted using the decryption device 511 immediately before the image display device 513, or after the data transmission using the analog signal line, the arithmetic encryption state is resumed. You may convert into a logic encryption state.

  The encryption state conversion device 901 internally has a reference table (not shown) in order to convert the encryption state without performing decryption. This reference table may be calculated at the time of initialization and recorded in the volatile storage device, or may be recorded in the nonvolatile storage device for all cases that may occur in advance. For example, consider a case where a pixel value j in a logical encryption state using a certain value r is converted into a pixel value k in an arithmetic encryption state using the same value r. That is, if the pixel value of the original image is p, j = p xor r and k = (p + r) modz. Note that z may be a value such as 256 if p and r are 8 bits. At this time, the conversion formula h is obtained so that k = h (j, r), and the value of k for all j and r is calculated in advance and recorded in the reference table. In this example, h (j, r) = ((j xor r) + r) modz. When this is implemented without using a reference table, the pixel value p of the original image appears on the memory of the computer at the stage of calculating j xor r, which affects the leaked electromagnetic wave. Therefore, it is desirable to use a reference table for the conversion of the encryption state, not a real-time calculation. However, as the number of bits of j and r increases, the size of the reference table increases. Therefore, it is not always necessary to prepare a reference table for all j and r. Alternatively, a reference table may be created for only a part selected arbitrarily, and the rest may be obtained by calculation.

  The image generated by the display image generation device 503 is encrypted (for example, logically encrypted) using the encryption device 504 and stored in the image storage device 506. The image stored in the image storage device 506 is output to the image input device 510 via the transmission cable 509 using the image output device 507.

  The image input device 510 performs AD conversion as necessary, and sends the result to the encryption state conversion device 901. The encryption state conversion device 901 converts the encryption state as necessary. For example, when the transmission cable 509 is a digital signal line such as DVI-D and the encryption device 504 performs logical encryption, the encryption state conversion device 901 performs processing in the display image processing device 903 at the subsequent stage. In addition, the encryption state is converted from the logical encryption state to the arithmetic encryption state. When the transmission cable 509 is an analog cable and the encryption device 504 performs arithmetic encryption, the encryption state conversion device 901 does not perform any special processing.

  The output of the encryption state conversion device 901 is sent to the display image processing device 801. The processing result is decrypted by the decrypting device 511. The image display device 513 displays the processing result on the screen using the synchronization signal obtained from the clock conversion device 514.

  The pseudo-random number generators 505, 902, 512 of the present invention are synchronized and configured to obtain the same pseudo-random number sequence. An example of a specific configuration method is as described above.

  The image output device 507 adds the information indicating the encryption state to the encrypted image header and outputs it, and the image input device 510 determines the encryption state based on the header information and converts the encryption state. The apparatus 901 may determine whether to convert the encryption state.

<Seventh Embodiment>
FIG. 10 is a diagram showing a schematic configuration of an image generation and display apparatus according to the seventh embodiment of the present invention. The image generation / display apparatus according to the present embodiment includes an image generation / output apparatus 501, an image encryption apparatus 1001, and a display apparatus 502.

  The image generation / output device 501 has components excluding the encryption device and the pseudo-random number generation device from the configuration of FIG. In the image generation output device 501, the image generated by the display image generation device 503 is stored in the image storage device 506, and the image stored in the image storage device 506 is output from the image output device 507.

  The image input device 1002 of the image encryption device 1001 receives the output of the image output device 507 and transfers it to the encryption device 504. The encryption device 504 encrypts the image using the received pixel data and the output of the pseudorandom number generation device 505, and outputs the result to the display device 502 side through the transmission cable 509 using the image output device 1003.

  The image input device 510 in the display device 502 receives the encrypted image information through the transmission cable 509. The input image information is decoded by the decoding device 511, and the image display device 513 displays the decoding result on the screen.

  In this embodiment, since the image encryption device 1001 is independent, an existing computer or the like can be used as it is as the image generation / output device 501. Although the risk of intercepting information from the wiring between the image generation / output device 501 and the image encryption device 1001 is not at all zero, it is very short compared to the transmission cable 509. It can be kept very low. In this way, information leakage can be prevented without changing the configuration of an existing computer, so that the cost for introducing equipment can be minimized.

<Eighth Embodiment>
FIG. 11 is a diagram showing a schematic configuration of an image generation and display apparatus according to the eighth embodiment of the present invention. The image generation / display apparatus according to the present embodiment includes an image generation / output apparatus 501, a first image encryption state conversion apparatus 1101, a second image encryption state conversion apparatus 1102, and a display apparatus 502. .

  The image generation / output device 501 has a configuration in which the pseudo-random number generation device is excluded from the configuration in FIG. 5, and after the display image is encrypted, the image output device 507 outputs the encrypted image. Here, the encryption device 501 performs logical encryption, for example.

  The first encryption state conversion device 1101 receives the image information output from the image generation output device 501 by the image input device 1103, and converts the encryption state using the encryption state conversion device 901 (logical encryption state). Is converted into an arithmetic encryption state), and the result is output using the image output device 114.

  The second encryption state conversion device 1102 receives the image information output from the first image encryption state conversion device 1101 by the image input device 1105, and converts the encryption state using the encryption state conversion device 1106. After converting the arithmetic encryption state to the logical encryption state, the result is output using the image output device 1108 together with the pseudorandom number generated by the pseudorandom number generation device 512.

  The display device 502 receives the image information output from the second encryption state conversion device 1102 by the image input device 510 and supplies the result to the decryption device 511. The output of the decoding device 511 is displayed on the screen by the image display device 513.

  The image generation / display apparatus according to the present embodiment assumes a general general-purpose computer as the image generation / output apparatus 501 and a general liquid crystal monitor as the display apparatus 502. The image generation / output device 501 and the first encryption state conversion device 1101 are digitally connected by DVI, HDMI, or the like. In addition, the first image encryption state conversion device 1101 and the second image encryption state conversion device 1102 are analog-connected by VGA or the like. The second image encryption state conversion device 1102 and the display device 502 are digitally connected by DVI, HDMI, or the like. In this way, when the wiring cable incorporated in the building or apparatus is an analog signal line such as VGA, the digital apparatus can be connected while maintaining the encrypted state of the image data. ing. Therefore, according to the present embodiment, encryption can be performed without changing the existing infrastructure.

<Ninth Embodiment>
FIG. 12 is a diagram showing a schematic configuration of an image generation and display apparatus according to the ninth embodiment of the present invention. The image generation / display apparatus according to the present embodiment includes an image generation / output apparatus 501, an image encryption apparatus 1001, an image decryption apparatus 1201, and a display apparatus 502.

  The image generation / output device 501 outputs the image generated by the display image generation device 503 using the image output device 507. The output wiring of the image output device 507 is connected to the image input device 1103 of the image encryption device 1001, and the image input device 1103 supplies the received image to the encryption device 505. The encryption device 505 encrypts the image using the pseudorandom number generated by the pseudorandom number generation device 505 (for example, addition / subtraction encryption). The image output device 1104 outputs encrypted image information. The output wiring 509 of the image encryption device 1001 is connected to the image input device 1105 of the image decryption device 1201.

  The image input device 1105 supplies the received encrypted image information to the decryption device 511. The decryption device 511 decrypts the encrypted image information. The image output device 1108 outputs the decoding result. The output of the image output device 1108 is connected to the image input device 510 of the display device 502.

  The image input device 510 supplies the received decoded image to the image display device 513. The image display device 513 displays an image on the screen based on the clock supplied from the clock conversion device 514.

  The image generation and display apparatus according to the present embodiment assumes a general general-purpose computer as the image generation and output apparatus 501 and a general liquid crystal monitor or projector as the display apparatus 502. An analog signal line such as VGA is connected between the image generation / output device 501 and the image encryption device 1001, between the image encryption device 1001 and the image decryption device 1201, and between the image decryption device 1201 and the display device 502. Has been. Therefore, this is a suitable configuration when it is necessary to use an existing analog cable such as a building or a large terminal.

  FIG. 14 is a diagram illustrating an example of an external configuration of the image generation display device according to the present embodiment. The image generation display device 1401 is a general-purpose computer, and an image encryption device 1402 is connected to the output thereof. The image encryption device 1402 and the image decryption device 1404 are connected by an analog cable 1403, and the output of the image decryption device 1404 is connected to the liquid crystal monitor 1405.

<Summary>
According to each embodiment of the present invention, by encrypting a display image (arithmetic encryption, particularly addition / subtraction encryption), it is possible to disturb leaked electromagnetic waves and thereby prevent acquisition of synchronization information by an eavesdropper. . That is, even if synchronization information is obtained, it is difficult to obtain information about the original image, and it is difficult to obtain the synchronization information itself. The disturbance of the leaked electromagnetic wave is easily understood because the correlation between the display image and the transmission information is eliminated by adjusting the numerical sequence obtained from the pseudorandom number generator. In the following, the difficulty of acquiring synchronization information will be described.

  The synchronization information transmitted together with the image information is generally transmitted at a voltage equivalent to the image information, that is, a signal level. Therefore, it is difficult to separate the synchronization information included in the leaked electromagnetic wave from the image information included in the leaked electromagnetic wave. That is, since accurate synchronization information Is cannot be obtained, it is difficult for an eavesdropper to reproduce the display image I without searching for Is.

  The display image I is transmitted to the monitor in a streaming format. That is, in the case of two-dimensional image information, data is transmitted in order from the upper left coordinate toward the right, and when the right end is reached, the subsequent data is transmitted from the left end of the next row. This operation is the same as the scanning operation when the CRT monitor draws an image. Of course, as long as it is sent by streaming, no matter what part of the image is transmitted first, this does not preclude the application of each embodiment. Further, the image I may be divided into a plurality of streams such as for each line and transmitted in parallel. Since it is sufficient that the stream is reproduced on the receiving side, in particular, in the case of performing digital transmission, some information is not always transmitted in the order described above. Although there are variations in such mounting, if attention is paid to the part where the image I is transmitted in the streaming format, it is easy to apply the technique of the present invention to protection of only a part of the image information.

  In general, since the image information is continuously transmitted from the time of starting the computer or the like, the interceptor cannot know the transmission start time of a certain image I.

  However, assuming a general image display, it is assumed that images are transmitted at a rate of 60 frames per second, and images of the same content are considered to be transmitted continuously over a plurality of frames. It is possible to find the timing at which the same information is transmitted and to know the time at which the image I is transmitted by using a technique for finding the position of the repetitive pattern called template matching. It is possible to know the synchronization information Is by looking at the cycle in which the image I is repeated using the method described above.

  However, in each embodiment, since the transmission image is encrypted, it is difficult to obtain information about the display image even if the intercept data is analyzed. That is, it is difficult to find a repeated pattern by pattern matching. Moreover, even if the same display image is continuous, if the time is different, the output pattern of the pseudorandom number generator is configured to be different, so that the transmitted image information becomes a different pattern, and pattern matching is performed for the eavesdropper. There can be no repeated pattern as a basis for application. Therefore, if the information display device of the present invention is used, it is difficult for the eavesdropper to find the synchronization information.

  As a result, the image I is exchanged only between authorized communicators. In addition, since the synchronization information Is varies from device to device due to manufacturing variation or the like, even if the synchronization information of a certain device leaks, the eavesdropper needs to newly search for the synchronization information of other devices. In addition, since a clock generation device that generates synchronization information generally fluctuates due to a temperature change, even the same device cannot be intercepted using the same synchronization information if the time is different.

  In each embodiment, if a random number generator is further provided and the synchronization information is configured to be different for each transmission of information or for a certain period of time using the random number generator, one information is temporarily leaked at a certain time But other information is kept safe.

  As described above, it is possible to realize an information transmission device and an information transmission unit that can safely transmit and receive information in response to external information interception by a third party.

201: Central processing unit 202: Primary storage unit 203: Image processing unit 204: Monitor (display)
205, 308: Input / output port 206: Secondary storage device 207: Internal bus 401: ATM
402: ATM display unit 403: ATM operation unit 404: ATM card reader unit 405: ATM deposit / withdrawal unit 406: ATM control unit 407: ATM storage unit 408: ATM communication unit 409: ATM sensor unit 410: ATM voice generation unit 501: Display image generation / output device 502: Display device 503: Display image generation device 504: Encryption device
505: Pseudorandom number generator
506: Image storage device 507: Image output device 508: Clock generation device 509: Transmission cable 510: Image input device 511: Decoding device 513: Image display device 514: Clock conversion device 601: Initialization device 602: Internal bus 801: Display image processing device 901: Encryption state conversion device 1001: Image encryption device 1203, 1404: Image decryption device 1101, 1102: Image encryption state conversion device 1301: Terminal device

Claims (12)

An information processing system comprising an image generation device that generates an image and a display device that displays the image sent from the image generation device via a transmission path,
The image generation device includes:
An encryption unit that encrypts the image by addition / subtraction encryption and generates an encrypted image;
An output unit that outputs the encrypted image to the transmission path;
The display device
An input unit for receiving the encrypted image;
A decryption unit that decrypts the encrypted image by an inverse function of the function used in the addition / subtraction encryption;
And a display unit that displays the decoded image on a screen. The image generation apparatus further includes a first pseudo random number generation unit that generates pseudo random numbers,
The encryption unit encrypts the image using the pseudo random number generated by the first pseudo random number generation unit,
The display device further includes a second pseudo random number generator that generates the same pseudo random number as the pseudo random number generated by the first pseudo random number generator,
The information processing system according to claim 1, wherein the decryption unit decrypts the encrypted image using the pseudo random number generated by the second pseudo random number generation unit. The image generation apparatus further includes a clock generation unit that generates a synchronization signal,
The output unit outputs the synchronization signal to the transmission path,
The information processing system according to claim 2, wherein the first and second pseudorandom number generators are initialized in synchronization with the synchronization signal. The image generation apparatus further includes an initialization unit that gives an initial value to the first pseudo-random number generation unit,
The output unit outputs the initial value together with the synchronization signal,
The information processing system according to claim 3, wherein the second pseudo random number generation unit generates the pseudo random number using the initial value. The encryption unit performs an encryption process by calculating (X + Y) mod Z, where X is the output value of the first pseudo random number generation device and Y is the image with respect to a predetermined value Z.
The decryption unit performs a decryption process by calculating (W−X) modZ, where X is an output value of the second pseudorandom number generation device and W is the encrypted image. 2. The information processing system according to 2. The display device further includes a display image processing unit that performs predetermined image processing on the encrypted image while maintaining the encrypted state.
The information processing system according to claim 1, wherein the decryption unit decrypts the encrypted image subjected to the predetermined image processing. An information processing system comprising an image generation device that generates an image and a display device that displays the image sent from the image generation device via a transmission path,
The image generation device includes:
An encryption unit that performs a first encryption process on the image and generates a first encrypted image;
An output unit that outputs the first encrypted image to the transmission path;
The display device
An input unit for receiving the first encrypted image;
An encryption state conversion unit that directly executes a second encryption process without decrypting the first encrypted image and generates a second encrypted image;
A decryption unit for decrypting the second encrypted image;
And a display unit that displays the decoded image on a screen. The first encryption process is a logical encryption process;
The second encryption process is an addition / subtraction encryption process,
The information processing system according to claim 7, wherein the decryption unit decrypts the second encrypted image using an inverse function of the function used in the addition / subtraction encryption. An image generation device that generates an image, an image encryption device that encrypts the image and outputs an encrypted image to a transmission path, and the encryption sent from the image encryption apparatus via the transmission path An information processing system comprising: a display device that decodes and displays a digitized image;
The image generation device includes:
A first output unit that outputs the generated image to the image encryption device;
The image encryption device includes:
A first input unit for receiving the image from the first output unit;
A first pseudo-random number generator for generating pseudo-random numbers;
An encryption unit that encrypts the image by addition / subtraction encryption using the pseudo random number and generates an encrypted image;
A second output unit that outputs the encrypted image to the transmission path,
The display device
An input unit for receiving the encrypted image;
A second pseudo-random number generator that generates the same pseudo-random number as the pseudo-random number generated by the first pseudo-random number;
A decryption unit that decrypts the encrypted image using an inverse function of the function used in the addition / subtraction encryption using the pseudo-random number;
And a display unit that displays the decoded image on a screen. An image generation device that generates a first encrypted image by a first encryption process;
A first encrypted state conversion device that converts the first encrypted image into a second encrypted image and outputs the converted image to a transmission path;
A second encrypted state conversion device that converts the second encrypted image sent from the first encrypted state conversion device via the transmission path into the first encrypted image;
A display device for decrypting and displaying the first encrypted image by a decrypting unit;
An information processing system comprising: The image generation device generates the first encrypted image using logical encryption,
The first encryption state conversion device converts the first encrypted image into the second encrypted image subjected to addition / subtraction encryption,
The second encryption state conversion device converts the second encrypted image into the first encrypted image using an inverse function of the function used for the addition / subtraction encryption,
The information processing system according to claim 10, wherein the decryption unit in the display device performs decryption processing using an inverse function of the function used for the logical encryption. An image generation device that generates an image, an image encryption device that encrypts the image and outputs an encrypted image to a transmission path, and the encryption sent from the image encryption apparatus via the transmission path An information processing system comprising: an image decoding device that decodes an encoded image; and a display device that displays an image decoded by the image decoding device,
The image generation device includes:
A first output unit that outputs the generated image to the image encryption device;
The image encryption device includes:
A first input unit for receiving the image from the first output unit;
A first pseudo-random number generator for generating pseudo-random numbers;
An encryption unit that encrypts the image by addition / subtraction encryption using the pseudo random number and generates an encrypted image;
A second output unit that outputs the encrypted image to the transmission path,
The image decoding device includes:
An input unit for receiving the encrypted image;
A second pseudo-random number generator that generates the same pseudo-random number as the pseudo-random number generated by the first pseudo-random number;
A decryption unit that decrypts the encrypted image using an inverse function of the function used in the addition / subtraction encryption using the pseudo-random number;
The display device
An information processing system comprising: a display unit that displays the decoded image on a screen.

Images