KR20000028666A - Embedded information detection method and system - Google Patents

Abstract

PURPOSE: A system is provided to efficiently and safely detect additional information, which is buried in data, by an electronic water mark by the combination of a smart card and a computer. CONSTITUTION: A system(100) includes a CPU(1) and a memory(4). The CPU and the memory are connected to a hard disk device(13) as an assistant memory device through an IDE controller(25) by a bus(2). Moreover, the CPU and the memory are connected to a hard disk device(30) as the assistant memory device through an SCSI controller(27) by the bus. A floppy disc(20) is connected to the bus through a floppy disc controller(19). The system is connected to a network through a serial port(15), a modem, or a communication adaptor(18) while communicating with another computer. Moreover, a remote transmitter/receiver is connected to the serial port or to a parallel port(16) for transmitting data by infrared rays or waves. Also, the transmission of data with a tamper resistant device such as a smart card is performed by connecting a tamper resistant device leader to the communication adaptor or to the serial port of the system.

Description

EMBEDDED INFORMATION DETECTION METHOD AND SYSTEM

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a system for detecting additional information embedded electronically. In particular, the additional information embedded in data (e.g., image data, etc.) by an electronic watermark can be added to a combination of a smart card and a computer (server, etc.). The present invention relates to a system, a method, and a medium including the program for safely and efficiently detecting the same.

In order to spread the digital watermark technology until it is widely used by the general user, it is preferable that the detection of additionally embedded additional information (watermark) can be safely performed at an unspecified number of places. However, in the conventional electronic watermarking technique, a symmetric key system is used in which the embedding and detection keys are the same. Therefore, there is a risk that the secret key used when embedding the additional information is stolen from a detection device that detects the additional information. There was this. Thus, a method and system for maintaining the secret key in a device having physical tamper resistance (large rewriting) while maintaining the detection efficiency of the side information is desirable.

At present, one of the most influential devices with tamper resistance is a smart card. A smart card is an intelligent card type device having a CPU and a memory in the card. The information stored inside is protected by a password or the like, and has a structure (tamperproof) in which the internal information cannot be read or rewritten in an illegal manner. This allows users to keep their personal data secure. The consumer's personal information (card number, consumer's secret key, etc.) is generally stored in a smart card to ensure safety and portability. However, due to the size and shape characteristics of the smart card, the calculation speed and the memory capacity are limited. Therefore, there is a need for a method and system for safely and efficiently detecting additional information while covering limitations on processing capacity and storage capacity of a smart card.

Accordingly, the problem to be solved by the present invention is to provide a method and a system in which detection of electronically embedded additional information can be safely performed in an unspecified number of places.

Another object is to provide a method and system for detecting additional information according to the cooperative operation of the tamper resistant device and the server.

Another object is to provide a method and system for safely and efficiently detecting additional information while covering limitations in processing capacity and storage capacity of a tamper resistant device.

Another object is to provide a method and system for safely and efficiently detecting additional information by performing a high security calculation with a tamper resistant device and allowing the server to perform other calculations.

In addition, another problem is to provide a method and system for safely and efficiently detecting additional information by performing a minimally necessary calculation for extracting additional information with a tamper resistant device and having a server perform more internal calculations than necessary to maintain security. It is.

In order to solve the above problem, first, the server reads the data in which the additional information is embedded and requests the tamper resistant device containing the secret key from the server to request the embedded information to be embedded. At this time, the server reads the mask pattern from the mask data, calculates the inner product of the mask pattern and the data in which the additional information is embedded, and transmits the result of calculating the inner product to the tamper resistant device. In the tamper resistant device, at the time of embedding determination of the additional information, the value of the inner product transmitted from the server is added, and the threshold value is determined using the secret key. With such a configuration, the dot product calculation of data and mask patterns can be left to the server side with a high computational speed, and only the addition processing and threshold value determination with high security can be performed on the tamper resistant device side. This means that the tamper resistant device performs the minimum internal calculation necessary for extracting additional information (message), and the server performs more verbose internal calculations than necessary to maintain security. Accordingly, there is provided a method and system in which detection of electronically embedded additional information can be safely performed in an unspecified number of places.

1 shows a conceptual diagram of the present invention. Under the secure environment, the additional information (message) embedded in the data 110 (in this case, image data) using the secret key is transmitted to the general user side (under the unsecured environment) through the Internet provider 120. In this case, the server 130 causes only the calculation that does not use the secret key for the data in which the additional information is embedded. The calculation for embedding determination using the secret key is configured to request a tamper resistant device (in this case, smart card: 140) connected to the tamper resistant device reader (in this case, smart card reader: 150).

1 is a conceptual diagram of the present invention.

2 shows an outline of a system configuration of the present invention.

3 is a conceptual diagram of operation in a tamper resistant device (smart card).

4 is a calculation flowchart in the server.

Fig. 5 is a calculation flowchart of the tamper resistant device (smart card) of the present invention.

Fig. 6 is a diagram showing a memory comparison table for detecting additional information.

7 is a diagram showing one embodiment of a hardware configuration of a server used in the present invention.

8 is an overview of a server connected to a tamper resistant device reader.

<Description of the code | symbol about the principal part of drawing>

110: data

120: provider

130: server

140: smart card

150: smart card reader

Before describing an embodiment of the present invention, an electronic watermark as the basic technique of the present invention will be described. This electronic watermark technology is disclosed in Japanese Patent Application Laid-Open No. 8-345568, Japanese Patent Application No. 8-348426, and the like. It is briefly described below.

It is assumed that the image content data is composed of NxN pixels. If the size of the pixel block to be subjected to the mask process is kxk, the image data is composed of blocks of IS = (N / k) ² . Let this be Ii (i = 0, 1, ..., IS-1). Subsequently, a mask pattern of elements m '{-1, 0, 1} and size kxk is prepared. In this condition, the sum of elements is 0 and the patterns must be orthogonal to each other. Add the sign inversion pattern multiplied by -1 to each element of the pattern thus created. For example, a 4x4 pattern is considered as follows, and this becomes eight patterns Mp (p = 0, 1, ..., 7) in combination with sign inversion.

Here, the message embedding operation is performed as follows. Substitute 0 by -1 in the bit string of the message to Bj∈ {-1, 1}, (j = 0, 1, ..., J-1). The total number of patterns is K. Let ri be the result of the random number generator with seeds as follows.

Ii '= Ii + Hp * Bj where p = ri mod K and j = ri mod J

In addition, the detection of the message of the bit position q calculates the sum of the dot product of Ii and Mp with respect to the random number sequence ri which generate | occur | produced from the same seed as the embedding, and i for ri mod J = q as follows:

Sq = Σ (Ii ', Mp) where p = ri mod K, j = ri mod J

Bq = 1 if Sq≥T

Bq = 0 if Sq≤-T

If -T <Sq <T, it is determined that there is no landfill.

That is, in the electronic watermark which is the basic technique of the present invention, it is an important point in security that which block is embedded in which mask pattern and which bit of the message corresponds. Further, since one bit information is embedded in a plurality of blocks by different mask patterns, even if the same noise as a certain mask pattern is applied to the entire surface, the bit information cannot be eliminated. In the present invention, it is intended that the correspondence between the mask pattern and the block position is the point of security, the correspondence is performed in the smart card, and the internal calculation of the data and the mask pattern is left to the server. At this time, the inner product calculation with the mask pattern irrelevant to the server (not necessary for embedding determination) is performed, so that corresponding information is not leaked. 2 shows an outline of the system configuration of the present invention. As shown in Fig. 2, the server calculates the inner product of the image data and the mask pattern read from the mask data, and transmits the result to the smart card, which is a tamper resistant device. On the other hand, on the smart card side, after the distribution and addition of the transmitted inner data is carried out using the nested secret key, the threshold value is determined to embed the additional information embedded (message extraction).

The calculation at the server is explained in more detail. The mask pattern given to the server is given by the linear combination of the mask patterns used for embedding. The set of mask patterns used for landfill {M ₀ , M ₁ ,. . , M _K-1 , -M ₀ , -M ₁ ,. , -M _K-1 }, the inversion pattern is regarded as the same since only the inner product is negative, and a new pattern is formed by linear transformation of K-dimensional vectors. That is, [M ₀ , M ₁ ,. . , M _K-1 ] is a K-dimensional column vector, and P is a K-dimensional regular matrix,

[M ' ₀ , M' ₁ ,. . , M ' _K-1 ] ^T = P [M ₀ , M ₁ ,. . , M _K-1 ] ^T

Is given by For example, for the mask pattern M _P ,

Of the result of conversion to {M ' ₀ , M' ₁ ,. . , M ' ₃ } is as follows.

The server is given by {M ' ₀ , M' ₁ ,. . , M ' _K-1 }, to calculate the inner product with the image. First, the inner product of M ' ₀ and the image block and the whole image are calculated and sent to the smart card. Repeat this in turn, changing the mask pattern. That is, the data string sent to the smart card is as follows.

4 shows a calculation flowchart in the server. First, the internal variables i and j are initialized to zero. In step 410, the mask pattern Mi 'is read from the mask data Mk'. In step 420, the image block Ij is read from the image data, and the dot product of Mi 'and Ij is calculated in step 430. The calculation result is sent to the smart card reader connected to the smart card reader. Then, in step 440, j is incremented to determine whether or not the image block is completely finished. If it is finished, i is incremented in step 450 to determine whether the entire mask pattern has been applied, and if so, the process ends. do.

The calculation in the smart card, which is a tamper resistant device, will now be described in more detail. 3 illustrates a conceptual diagram of operation in a smart card. As shown in Fig. 3, a random number is generated from an embedded secret key (in this case, corresponding to the random number seed), and the input data string is distributed and added as a bit string memory using this. If the result exceeds a certain threshold, it is determined that there is additional information (message) embedding. More specifically, a reconstruction function is created from a secret key and a mask pattern conversion matrix contained in the tamper resistant device, and embedding determination is performed by giving data transmitted from the server to this reconstruction function. In addition, the result of this reconstruction function is equivalent to the internal value of the mask pattern at the time of embedding additional information (message), and data (image data, etc.).

In the smart card, the data strings DS = {ds ₀ , ₀ , ds ₀ , ₁ , ..., ds which are sequentially transmitted to the memory array mj (j = 0, ..., J-1) prepared with the message bit length J minutes are provided. _K-1 , _IS-1 } (L = K * IS) are distributed, weighted and added. First, the distribution of ds _k and _i selects the message memory mj specified by j = ri mod J using the random number sequence r _i (the period of the random number is IS) generated from the same seed as the embedding. Subsequently weighted, the embedding mask pattern should be detected with Mq specified by q = ri mod K, but since the detection pattern is transformed according to the transformation matrix P, the inverse matrix P ⁻¹ (= {p _ij }),

Mq = Σp _qj * Mj '

For Thus, ds _{k, i} adds the ds _{k, i} * p _qk.

For example, P- ₁ is as follows.

Therefore, the thing embedded in the pattern M ₀ can be detected as 1/2 M ' ₀ + 1/2 M' ₁ . Therefore, if the i-th of the pixel block is embedded in M ₀ , the product of the i-th data string ds ₀ , _i is multiplied by 1/2, and 1 / _i is also applied to the i + IS-th data string ds ₁ , _i . Add the product of two.

Fig. 5 shows a calculation flowchart of the tamper resistant device (smart card) of the present invention. First, in step 510, the internal variable k is initialized to 0, and in step 520, the random number seed which is a secret key is read out, and it is set as the value of the random number r ₀ of internal variable i = 0th. In step 530, the internal data string ds is read from an external interface such as a serial port of the server. Subsequently, in step 540, the index j of the message memory and the index q of the mask pattern for detection are calculated in step 550. In step 560, P _qk is read from the mask pattern conversion matrix P ^-1 , and the weighted calculation of the extraction pattern is performed. Do it. In step 570, the message memory is updated, and in step 580, the end variable is incremented by incrementing the internal variable i. If not, the process returns to step 530 again. If it is an end, in step 590 the internal variable k is incremented to make an end judgment. If not, the process returns to step 520. If it is the end, additional information (message) extraction ends by the contents of the message memory.

Finally, the test and extraction of the additional information (message) determines that the message is buried if | min (mj) | ≥T for the threshold T, and in that case, for each message memory mj,

Bj = 1 if mj≥0

Bj = 0 if mj <0

Configure the message bit stream as.

7 shows one embodiment of the hardware configuration of the server used in the present invention. The system 100 includes a central processing unit (CPU) 1 and a memory 4. The CPU 1 and the memory 4 are connected via the bus 2 via a hard disk device 13 (or a storage medium drive device such as MO, CD-ROM23, DVD, etc.) and the IDE controller 25 through the bus 2. Doing. Similarly, the CPU 1 and the memory 4 are connected via the bus 2 through the hard disk device 30 (or a storage medium drive device such as MO28, CD-ROM23, DVD, etc.) and the SCSI controller 27 as an auxiliary storage device. You are connected. The floppy disk device 20 is connected to the bus 2 via the floppy disk controller 19.

A floppy disk is inserted into the floppy disk device 20, and the floppy disk or the like, the hard disk device 13 (or a storage medium such as an MO, CD-ROM, DVD, etc.), and the ROM14, in cooperation with the operating system, are used for the CPU and the like. A command can be given and a card or data of a computer program for carrying out the present invention can be recorded and executed as it is loaded into the memory 4. Preferably, mask data for internal calculation is stored in the hard disk device 13. The code of this computer program can be compressed or divided into plural and recorded in plural media.

The system 100 also includes a user interface hardware and a pointing device (mouse, joystick, etc.) 7 for input, a keyboard 6 or a display 12 for presenting visual data to the user. ) May be provided. The display 12 may display a result of embedding determination of additional information by the tamper resistant device. It is also possible to connect a printer via the parallel port 16 or to connect a modem via the serial port 15. The system 100 can connect to a network via a serial port 15 and a modem or communication adapter 18 (Ethernet, token ring card, etc.), and communicate with another computer. It is also possible to connect a remote transceiver to the serial port 15 or the parallel port 16 to transmit and receive data by infrared rays or radio waves. As shown in FIG. 8, the tamper resistant device reader 810 is connected to the serial port 15 or the communication adapter 18 of the system 100, and through this, data of the data with a tamper resistant device such as a smart card is connected. Transmit and receive. In addition, although the tamper resistant device reader 810 is externally connected in FIG. 8, the embodiment in which the tamper resistant device reader 810 is embedded inside the system 100 can be implemented in the same manner without departing from the essence of the present invention.

The speaker 23 of the system 100 receives the audio signal D / A (digital / analog conversion) converted by the audio controller 21 through the amplifier 22 and outputs it as audio. In addition, the audio controller 21 makes it possible to A / D (analog / digital) conversion of the voice information received from the microphone 24 and to introduce voice information external to the system into the system.

As described above, the server of the present invention is a personal computer (PC), a workstation, a notebook PC, a palmtop PC, a network computer, various home appliances such as a television with a computer, a game machine equipped with a communication function, a telephone. It will be easy to understand what can be implemented by a communication terminal having a communication function including a FAX, a mobile phone, a PHS, an electronic notebook, or the like, or a combination thereof. However, these components are illustrative, and not all of them become essential components of the present invention.

Fig. 6 shows a comparison table of the required memory when detecting additional information using only a PC and when collaborating with a smart card and a server. In FIG. 6, the example in the case where image data size (image size) is 512X512 (top) and 1024X1024 (bottom) is shown. The smart card performs the minimum internal product calculation necessary for extracting additional information (message), and the server performs more detailed internal product calculations than necessary to maintain security.

According to the present invention, the tamper resistant device and the server can cooperate and detect additional information safely and efficiently. By the detection system of the present invention, detection of additionally embedded additional information can be performed safely at an unspecified number of places.

Claims (12)

A system for detecting side information embedded in data using a tamper resistant device and a server, the system comprising: (1) means for the server to read the data in which the additional information is embedded; (2) means for requesting the tamper resistant device connected to the server from the server to determine whether the additional information is embedded; (3) a means for the tamper resistant device to make an embedding decision of the additional information by using a secret key embedded in the tamper resistant device Additional information detection system characterized in that it comprises a. The method of claim 1, The means (2) for requesting embedding of the additional information is determined by the server reading a mask pattern, calculating a dot product of the mask pattern and data in which the additional information is embedded, and calculating a result of the dot product of the tamper resistant device. The additional information detection system, characterized in that the means for transmitting. The method of claim 1, The tamper resistant device is connected to the server by a tamper resistant device reader. The method of claim 2, And the means (3) for embedding the additional information distributes and adds the value of the dot product transmitted from the server by using the secret key, and then performs a threshold determination. The method of claim 2, The data is image data, and the dot product of the data and the mask pattern is dot product of the image data and the mask pattern. The method of claim 2, The inner product calculation of the mask pattern and the data in which the additional information is embedded includes a lengthy inner calculation that is not necessary for the embedding decision. The method of claim 3, The tamper resistant device is a smart card, and the tamper resistant device reader is a smart card reader. A tamper resistant device for detecting additional information embedded in a data string, (1) means for reading a secret key embedded in the tamper resistant device, (2) means for reading data strings from the outside, (3) means for calculating additional information from the data string using the secret key Tamper resistant device comprising: a. A server for requesting determination of whether additional information is embedded in data for a tamper resistant device, (1) means for reading a mask pattern, (2) means for reading data in which additional information is embedded; (3) means for calculating the inner product of the data and the mask pattern and transmitting the value to a tamper resistant device Server comprising a. A method for detecting side information embedded in a data string in a tamper resistant device, (1) reading the secret key embedded in the tamper resistant device; (2) reading the data string from the outside, (3) calculating additional information from the data string using the secret key Additional information detection method comprising the. A method for requesting a tamper resistant device from a server to determine whether additional information is embedded in data, (1) reading a mask pattern, (2) reading data in which additional information is embedded; (3) calculating the inner product of the data and the mask pattern and transmitting the value to the tamper resistant device Method comprising a. A medium comprising a program for requesting a tamper resistant device from a server to determine whether additional information is embedded in data, the program comprising: (1) a function of reading a mask pattern, (2) a function of reading data in which additional information is embedded; (3) A function of calculating the inner product of the data and the mask pattern and transmitting the value to a tamper resistant device A medium comprising a program comprising a.