1. Field of the Invention
The present invention relates to data processing apparatuses, data processing methods, and programs used therewith. In particular, the present invention relates to a data processing apparatus, data processing method, and program for executing encryption and obfuscation of confidential data or the like such as a biometric information template.
2. Description of the Related Art
Recently, biometrics authentication technologies using biometric information such as fingerprints and vein patterns have attracted attention. A common biometrics authentication process collates a feature value (template) of biometric information registered in a biometrics authentication system beforehand with a feature value obtained from new biometric information that a user allows the biometrics authentication system to read. In such a biometrics authentication system, it is necessary to store data in a storage unit of the system in a secure form, for example by encrypting a template, to prevent registered template information from leaking.
As a technique for preventing data leakage, there is a technique of obfuscation that involves changing original data in accordance with predetermined rules. For example, as a technique for obfuscating a bit string such as stream data, a technique for obfuscating data by using a PN (pseudo-random noise) sequence is known. A PN sequence can be generated by providing shift registers and a proper feedback tap.
The configuration of a system for recording confidential information in a database by using data obfuscation with a PN sequence is described with reference to FIG. 1. FIG. 1 shows an example of the configuration of an authentication system 10 that receives input biometric information such as a fingerprint or vein pattern, uses a PN sequence to encode (encrypt (obfuscate)) the data, and registers the encoded data in a database.
User fingerprint information or the like is input to the authentication system 10 through an input section 11. An encoding/decoding section 12 receives the data input from the input section 11 and PN sequence data from a PN sequence generating section 13, performs encoding on the basis of both data, and registers the encoded data in a database 14. At a collation time, the encoding/decoding section 12 acquires the encoded data registered in the database 14, executes decoding on the basis of the encoded data and the PN sequence generated by the PN sequence generating section 13, and outputs the decoded result to a collation section 15. The collation section 15 executes processing of collation between the decoded result and new data received through the input section 11.
The PN sequence generating section 13 shown in FIG. 1 generates a pseudo-random number. Part (1) of FIG. 2 shows a configuration example of shift registers and a feedback tap for generating a PN sequence having a period of 7. Specifically, the PN sequence generating section 13 includes three shift registers (indicated by SRa, SRb, and SRc) 21, 22, and 23, and an exclusive OR operation unit 24. A value of the shift register 21 is output to the shift register 22. A value of the shift register 22 is output to the shift register 23. A value of the shift register 23 is input to the exclusive OR operation unit 24. The exclusive OR operation unit 24 executes an exclusive OR operation between the input value and the value of the shift register 21, and inputs an operation result to the shift register 21. Data input and output between the shift registers are controlled on the basis of predetermined clock timing.
Part (2) of FIG. 2 shows changes in data stored in the three shift registers 21, 22, and 23. When the data in the registers 21, 22, and 23 are sequentially shifted, it is found that the original state is returned at a period of 7, as indicated by the shown bit arrangement. A PN sequence has a feature in that the data in the shift registers can take all states excluding a pattern of all zeroes. Thus, the period is represented by (two to the power of the number of stages of shift registers)−1. In the case of FIG. 2, since the number of stages of shift registers is 3, the period is represented by 2^3−1=7.
FIG. 3 illustrates examples of data encoding and decoding processes using a PN sequence. For example, in a case in which, in the authentication system 10, a feature value (template) is stored in the database 14, as described with reference to FIG. 1, the data from the input section 11 and the PN sequence data from the PN sequence generating section 13 are input, encoding (encryption (obfuscation)) on the basis of both data is performed, and the encoded data is registered in the database 14.
The encoding process shown in part (1) of FIG. 3 has:
(1a) the data input from the input section 11 shown in FIG. 1, in which an input bit string serves as one to be encoded corresponding to, for example, a feature value of biometric information;
(1b) the PN sequence data, in which a PN sequence is input from the PN sequence generating section 13 shown in FIG. 1; and
(1c) the encoded result, in which encoded data is generated by the encoding/decoding section 12 shown in FIG. 1 on the basis of the input bits and the PN sequence.
In the encoding process, the encoding/decoding section 12 obtains an encoded result by executing exclusive OR operations between an input bit string and a PN sequence. For example, the first bits of the input bit string and the PN sequence are 0 and 1. This is represented by 0 (XOR) 1 = 1, where (XOR) represents an exclusive OR operation.
The second bits of the input bit string and the PN sequence are 0 and 0. This is represented by the following equation: 0 (XOR) 0 = 0.
Subsequently, by similarly executing exclusive OR operations between corresponding bits of the input bit string and the PN sequence, (1c) the encoded result is generated. The generated encoded result is stored in the database 14 shown in FIG. 1.
As described above, (1c) the encoded result has a completely different form from that of the original bit string, that is, (1a) the input bit string.
The decoding process shown in part (2) of FIG. 3 has:
(2a) an encoded bit string that is the encoded result stored in the database 14 shown in FIG. 1 and corresponds to (1c) the encoded result in FIG. 3;
(2b) a PN sequence that is the PN sequence data input from the PN sequence generating section 13 shown in FIG. 1; and
(2c) a decoded result in which decoded data is generated by the encoding/decoding section 12 shown in FIG. 1 on the basis of (2a) the encoded bit string and (2b) the PN sequence.
Also in the decoding process, the encoding/decoding section 12 obtains the decoded result by executing exclusive OR operations between (2a) the encoded bit string and (2b) the PN sequence. The PN sequence used in encoding and that used in decoding are identical. As a result, (2c) the decoded result is identical to (1a) the input bit string, and it is found that the original bit string is reproduced.
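The three-stage register of FIG. 2 and the exclusive OR encoding and decoding of FIG. 3, written out as an added example that is not part of the original document. The start state (0, 0, 1), the choice of SRc as the output tap, and the 14-bit input string are assumptions made for illustration; the figures themselves are not reproduced here.

```python
def step(state):
    """One clock: SRa <- SRa XOR SRc, SRb <- SRa, SRc <- SRb."""
    a, b, c = state
    return (a ^ c, a, b)


def pn_sequence(n_bits, state=(0, 0, 1)):
    """Return n_bits of PN output from the 3-stage register."""
    out = []
    for _ in range(n_bits):
        out.append(state[2])  # assumption: output is tapped at SRc
        state = step(state)
    return out


def period(state=(0, 0, 1)):
    """Clock the register until the start state recurs; return the count."""
    count, cur = 0, state
    while True:
        cur = step(cur)
        count += 1
        if cur == state:
            return count


def xor_bits(bits, pn):
    """Bitwise exclusive OR; the same call encodes and decodes."""
    return [x ^ p for x, p in zip(bits, pn)]


# Constructed input bit string standing in for a template (not from FIG. 3).
TEMPLATE = [0, 0, 1, 1, 0, 1, 0, 1, 1, 0, 0, 1, 0, 1]
PN = pn_sequence(len(TEMPLATE))
ENCODED = xor_bits(TEMPLATE, PN)   # value stored in the database
DECODED = xor_bits(ENCODED, PN)    # value handed to the collation section

if __name__ == "__main__":
    print("period      :", period())
    print("PN sequence :", PN)
    print("encoded     :", ENCODED)
    print("round trip  :", DECODED == TEMPLATE)
    # The all-zero state never leaves itself, which is why it is excluded.
    print("zero state  :", step((0, 0, 0)))
```

With the assumed start state the first two PN bits are 1 and 0, so the first two encoded bits reproduce the 0 (XOR) 1 = 1 and 0 (XOR) 0 = 0 steps given in the text.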
The above-described encoding/decoding technique using a PN sequence is very easy to use since it has a relatively simple configuration and is easily realized as hardware. However, if a bit arrangement of a certain length (specifically, double the number of stages of shift registers) of the bit string generated by the PN sequence is found, the feedback tap status can be inferred from the PN sequence information. Thus, there is a risk that, by executing, in a round-robin manner, exclusive OR operations between the bit strings generated and encoded with the same PN sequence, the original bit string can be reproduced. This analysis technique is known as the “Berlekamp-Massey” algorithm.
As described above, although the data encrypting and obfuscating technique using a PN sequence has a merit in that it has a simplified configuration and it is easy to use, it has a weakness in security in that input data can be analyzed on the basis of a leak of PN sequence information.
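Why twice the register length is enough, as an added example that is not part of the original document: the Berlekamp-Massey algorithm over GF(2), run on the first six bits of a constructed keystream. The keystream literal is two periods of a three-stage PN sequence with the FIG. 2 feedback (SRa <- SRa XOR SRc) under an assumed start state; the function names are illustrative.

```python
def berlekamp_massey(s):
    """Return (L, conn): linear complexity and connection coefficients.

    conn[0] is 1 and s[n] == XOR of conn[i] & s[n - i] for i in 1..L.
    """
    n = len(s)
    c = [1] + [0] * n   # current connection polynomial
    b = [1] + [0] * n   # copy from before the last length change
    L, m = 0, 1
    for i in range(n):
        d = s[i]        # discrepancy between prediction and observed bit
        for j in range(1, L + 1):
            d ^= c[j] & s[i - j]
        if d == 0:
            m += 1
            continue
        t = c[:]
        for j in range(n + 1 - m):
            c[j + m] ^= b[j]
        if 2 * L <= i:  # register must grow
            L, b, m = i + 1 - L, t, 1
        else:
            m += 1
    return L, c[:L + 1]


def predict(known, conn, total):
    """Extend `known` to `total` bits using the recovered recurrence."""
    bits = list(known)
    L = len(conn) - 1
    while len(bits) < total:
        nxt = 0
        for i in range(1, L + 1):
            nxt ^= conn[i] & bits[-i]
        bits.append(nxt)
    return bits


# Constructed keystream: two periods of the period-7 PN sequence.
KEYSTREAM = [1, 0, 0, 1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 0]
OBSERVED = KEYSTREAM[:6]            # 2 x 3 stages
COMPLEXITY, CONN = berlekamp_massey(OBSERVED)

if __name__ == "__main__":
    print("linear complexity:", COMPLEXITY)      # number of stages
    print("connection coeffs:", CONN)            # 1 + x + x^3
    print("rest predicted   :", predict(OBSERVED, CONN, 14) == KEYSTREAM)
```

A linear complexity this far below the keystream length is the measurable form of the weakness described above; the same function can be used to screen any candidate keystream generator.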