JP2003258791A - Information processor, information processing system, information processing method, storage medium and program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an information processor in which a throughput required for digital signature processing and verification thereof can be reduced without increasing an amount of target data. <P>SOLUTION: In the information processor 100 for applying signature processing to the target data, extraction means 103 and 104 extract components of values not belonging to a prescribed range out of components comprising the target data. An authentication information generating means 105 generates the authentication information of a component group extracted by the extraction means 103 and 104. <P>COPYRIGHT: (C)2003,JPO

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to an information processing apparatus, an information processing system, an information processing method, which is used in an apparatus or system for executing digital signature processing for digital data such as images and verification processing thereof.
The present invention relates to a computer-readable storage medium storing a program for implementing the program, and the program.

[0002]

2. Description of the Related Art In recent years, various kinds of information such as characters, images, and sounds have been digitized and used due to rapid development and popularization of computers and networks. The digitized information (digital data) has a characteristic that it is not deteriorated due to aging and can be stored in a perfect state forever, and can be easily edited or processed.

However, the feature that digital data is easy to edit and process is often useful for users. For example, the progress status of an insurance company dealing with evidence photographs for accident handling and the construction situation of a construction site can be improved. For a construction company that handles records, the reliability of digital data is lower than that of conventional analog data, which leads to a problem that the ability as evidence is poor.

Therefore, there has been proposed an apparatus or system for detecting digital data that has been tampered with or forged. For example, a system using a digital signature is well known as a system for detecting falsification and forgery of digital data.

Here, the digital signature means that the transmitting side
This means a function of transmitting the signature data (digital signature data) corresponding to the target data together with the target data, and verifying the validity of the target data by verifying the signature data on the receiving side.

For example, on the transmitting side, a hash (Ha
sh) The digital signature data is generated using the function and the public key cryptography, and the processing until the validity of the digital signature data is confirmed on the receiving side is performed as follows.

First, the transmitting side (sending side) sends the secret key to "K
s ”, the public key is“ Kp ”, the plaintext data M is compressed by a hash function, and an output h of a fixed length (for example,
128-bit) is calculated.

Next, the transmitting side follows the arithmetic processing for converting the output h with the secret key Ks and generating the result as the digital signature data s, that is, the equation D (Ks, h) = s. Perform arithmetic processing. Then, the transmitting side transmits the digital signature data s and the plaintext data M.

On the other hand, the receiving side performs an arithmetic process for converting the digital signature data s sent from the sending side with the public key Kp, that is, E (Kp, s) = E (Kp, D (Ks, h ″). )) = h ″, and an arithmetic process of compressing the plaintext data M ′ transmitted from the transmitting side with the same function as the hash function used on the transmitting side to calculate h ′. Is executed, and when h ′ and h ″, which are the results of these arithmetic processes, match, it is determined that the received plaintext data M ′ is valid data. That is, when the plaintext data M is tampered with during transmission and reception, the tampering can be detected because h ′ and h ″ do not match.

At this time, if the digital signature data s is also tampered with in accordance with the tampering with the plaintext data M, tampering may not be detected.
It is necessary to obtain the plaintext data M from the output h,
In addition, the details of the one-way property of the hash function described later,
There is no possibility.

Data can be correctly authenticated by the digital signature using the public key encryption and the hash function as described above.

The public key cryptography and the hash function will be described. First, the hash function is a function used for speeding up the generation of a digital signature, and processes plaintext data M of an arbitrary length. Thus, it has a function of outputting the data h having a constant length. This output data h is called a hash value (or message digest or digital fingerprint) of the plaintext data M.

The properties required for the hash function include the properties required for unidirectionality and collision resistance. The unidirectionality is a property that, when the data h is given, it is difficult to calculate the plaintext data M that satisfies “h = H (M)” in terms of calculation amount. Collision resistance means that when plaintext data M is given, plaintext data M ′ (M ≠) that satisfies “H (M) = H (M ′)”.
M ') is difficult to calculate, and "H"
Plaintext data M satisfying (M) = H (M ′) and M ≠ M ′ ”,
This is a property that calculation of M ′ is difficult in terms of calculation amount.

As the hash function, for example, MD-2
, MD-4, MD-5, SHA-1, RIPEMD-
128 or RIPEMD-160 is known, and these algorithms are open to the public.

On the other hand, the public key cryptosystem is a cryptosystem in which the cryptographic key and the decryption key are different, the cryptographic key is made public, and the decryption key is kept secret. The characteristics of such public key cryptosystem include, for example, the following characteristics (a) to (c).

(A) Since the encryption key and the decryption key are different and the encryption key can be disclosed, it is not necessary to secretly distribute the encryption key, and key distribution is easy. (B) Since each user's encryption key is open to the public, each user need only secretly store his own decryption key. (C) It is possible to realize an authentication function that allows the receiving side to confirm that the sender of the communication text (plaintext data M) is not an impostor and that the communication text has not been tampered with.

Specifically, for example, an encryption operation using a public encryption key (public key) Kp for plaintext data M is represented by "E (Kp, M)", and a secret decryption key (secret key ) Ks
When the decryption operation using is represented by “D (Ks, M)”, the public key encryption algorithm first satisfies the following two conditions (1) and (2). (1) When the public key Kp is given, the calculation of E (Kp, M) is easy, and when the secret key Ks is given, D (D) is given.
The calculation of (Ks, M) is easy. (2) If the secret key Ks is not known, the plaintext data M is determined even if the public key Kp and the calculation procedure of E (Kp, M) and C = E (Kp, M) are known. Is difficult in terms of computational complexity.

Further, the public key cryptographic algorithm is
In addition to the conditions (1) and (2), the following condition (3) is satisfied, whereby secret communication can be realized. (3) E (Kp, M) can be defined for all plaintext data M, and D (Ks, E (Kp, M)) = M holds. That is, since the public key p is publicly available, anyone can use E (K
p, M) can be calculated, but D (Ks, E (K
Only the user who has the secret key Ks can calculate p, M)) to obtain the plaintext data M.

Further, the public key cryptographic algorithm can realize authentication communication by satisfying the following condition (4) in addition to the conditions (1) and (2). (4) D (Ks, M) can be defined for all plaintext data M, and E (Kp, D (Ks, M)) = M holds. That is, only the user himself who has the secret key Ks can calculate D (Ks, M), and another user calculates D (Ks ', M) using the false secret key Ks' and Key K
Even if you impersonate the user who owns s, E (K
Since p, D (Ks', M)) ≠ M, the receiving side can confirm that the received data is invalid. Also, even if D (Ks, M) is tampered with, E
Since (Kp, D (Ks, M) ') ≠ M, the receiving side can confirm that the received data is invalid.

Typical examples of the encryption method capable of carrying out the secret communication and the authentication communication as described above include RSA encryption, R encryption, W encryption and the like.

For example, encryption and decryption in the currently most used RSA cryptosystem are shown by the following equations. The encryption conversion using the encryption key (e, n) is represented by the formula C = Me (mod n), and the conversion to decrypt this with the decryption key (d, n) is M = Cd (mod n ). In addition, n = p · q, and p and q are large different prime numbers.

However, as shown in the above equation, RSA
The encryption method requires exponentiation operation and remainder operation for both encryption and decryption. Therefore, as compared with common key encryption such as DES, the operation amount becomes enormous and it is difficult to speed up the processing.

A system for verifying tampering and forgery of image data using the digital signature as described above is disclosed in USP 5,499,294 and the like.

The above system is configured so that the following processing is carried out. First, a hash value of target image data (target image data) is calculated, and the hash value is encrypted with a secret key to generate a digital signature for the target image data. Next, in order to verify whether the target image data has been tampered with, the hash value is calculated by decrypting the digital signature for the target image data with the public key, and the hash value is also calculated from the target image data. calculate. Then, the hash value obtained by decrypting the digital signature for the target image data is compared with the hash value obtained from the target image data, and if the results of this comparison indicate that they have been tampered with or forged. Verify not.

[0025]

However, in the apparatus or system using the conventional digital signature as described above, when the target data is data having a large data amount such as an image, digital data for the target data is obtained. A large amount of processing is required to generate the signature. Therefore, for example, shooting with a digital camera,
When a digital signature is generated for a captured image at that moment, it is difficult to realize this at high speed and efficiently because a large amount of processing is required.

Therefore, in order to solve the above problems, for example, USP 5,898,779 and the like have proposed the following configurations.

First, in the digital signature processing, an area to be digitally signed is selected from the entire image which is the target data, a hash value of the selected area is calculated, and the hash value is encrypted with a secret key to obtain the target. Generate a digital signature for the data. Then, in the verification process, the hash value of the digital signature for the target data is calculated by decrypting the digital signature with the public key, and the hash value of the digitally signed area in the image as the target data is also calculated. By using these two hash values, it is verified whether or not the digital signature area has been tampered with.

Here, the processing amount of the hash function used to calculate the hash value is characterized by being proportional to the input data amount. Therefore, according to the configuration of the above system, it is possible to reduce the amount of processing for generating a digital signature.

However, in the conventional configuration such as the above system, at the time of the verification processing, it is necessary to obtain the area information as to which area in the image which is the target data is digitally signed. Had to be attached to the target data together with the digital signature. Therefore, even in the above system configuration, there is a problem that the amount of data that must be transmitted to the verification device becomes large.

As described above, the conventional technique has a problem that a large amount of processing is required to generate a digital signature for target data. Further, even when the image as the target data is configured to be digitally signed in an arbitrary area,
Since it is necessary to add the information indicating the area to the target data, there is a problem that the amount of data that must be transmitted to the verification device becomes large.

Therefore, the present invention has been made in order to eliminate the above-mentioned drawbacks, and is required for digital signature processing and its verification processing without increasing the data amount of the data that must be transmitted to the verification device. Information processing device, information processing system, information processing method, and
An object of the present invention is to provide a computer-readable storage medium that stores a program for implementing the program, and the program.

[0032]

[Means for Solving the Problems] Under such a purpose,
A first aspect of the present invention is an information processing apparatus that performs signature processing on target data, wherein among the elements forming the target data,
The present invention is characterized by comprising extraction means for extracting an element whose value does not belong to a predetermined range, and authentication information generation means for generating authentication information of the element group extracted by the extraction means.

A second aspect of the present invention is an information processing apparatus for verifying target data, wherein, of the elements constituting the target data,
An extraction unit that extracts an element whose value does not belong to a predetermined range, an element group extracted by the extraction unit, and a verification unit that verifies the target data using the element group and the authentication information. And

A third invention is an information processing system in which a plurality of devices are communicably connected to each other, and at least one device of the plurality of devices is an information processing device according to claim 1 or 2. It is characterized by having the function of.

A fourth aspect of the present invention is an information processing method for performing a signature process on digital data, which is an extraction step of extracting an element whose value is included in a predetermined range from among the elements forming the digital data. And an authentication information generation step of generating authentication information of the element group extracted by the extraction step.

A fifth invention is the same as the above-mentioned fourth invention,
The extracting step is based on the area determining step of determining area information for dividing an element forming the digital data into a first area and a second area, and the area information determined by the area determining step. Among the elements forming the digital data, a step of changing the value of the element belonging to the first area to a value outside the range of possible values of the element belonging to the second area, the authentication information generation The step is characterized by including a step of generating authentication information of the element group after the change by the calculation step.

The sixth invention is based on the fourth invention.
The operation step includes a step of performing a bit shift on the elements forming the digital data.

A seventh invention is the same as the fourth invention, except that
The authentication information generating step includes a hash value calculating step of calculating a hash value of the element group and an encryption step of encrypting the hash value obtained by the hash value calculating step.

An eighth invention is the above-mentioned seventh invention, wherein
The encryption process is characterized by including an encryption process using a secret key in a secret key system.

The ninth invention is the same as the seventh invention,
The encryption process is characterized by including an encryption process using a secret key in a public key system.

A tenth aspect of the present invention is an information processing method for verifying whether or not digital data has been tampered with, wherein among the elements constituting the digital data, an element whose value falls within a predetermined range. And a verification step for verifying whether or not the digital data has been tampered with by using the element group extracted by the extraction step and the authentication information of the element group. .

In an eleventh aspect based on the tenth aspect, the verification step includes a hash value calculation step for calculating a hash value of the element group, a decryption step for decrypting the authentication information, and the hash value calculation. It is characterized by including a comparison step of comparing the value obtained by the step and the value obtained by the decoding step.

A twelfth invention is characterized in that, in the eleventh invention, the decrypting step includes a step of performing a decrypting process using a secret key in a secret key system.

A thirteenth invention is characterized in that, in the eleventh invention, the decryption step includes a step of performing a decryption process using a public key in a public key system.

In a fourteenth invention based on the eleventh invention, in the comparison step, when the value obtained in the hash value calculation step is equal to the value obtained in the decryption step, the digital data is obtained. Is determined not to have been tampered with, and the digital data has been tampered with if the value obtained by the hash value calculation step and the value obtained by the decryption step are different. And

A fifteenth invention is characterized in that, in the tenth invention, the method includes an area information output step of outputting an area to which the element extracted by the extraction step belongs.

A sixteenth invention is a program which functions as an apparatus or a system for performing signature processing on digital data when read and executed by a computer,
Of the elements forming the digital data, a program code of an extraction step for extracting an element whose value does not belong to a predetermined range, and an authentication for generating authentication information of an element group extracted by executing the program code of the extraction step And a program code of an information generating step.

A seventeenth aspect of the present invention is a program which functions as an apparatus or a system for verifying whether or not digital data has been falsified by being read and executed by a computer, among the elements constituting the digital data. , The digital data is tampered with by using the program code of the extraction step for extracting the elements whose values do not belong to the predetermined range, the element group extracted by the execution of the program code of the extraction step, and the authentication information of the element group. And a program code of a verification process for verifying whether or not it has been performed.

The eighteenth invention is a computer-readable storage medium storing the program according to the sixteenth or seventeenth aspect.

[0050]

BEST MODE FOR CARRYING OUT THE INVENTION Embodiments of the present invention will be described below with reference to the drawings.

[First Embodiment] The present invention is applied to, for example, a signature processing apparatus (function) 100 as shown in FIG. When the signature processing apparatus 100 according to the present embodiment performs digital signature processing on target digital data (target data), an element whose element value is included in a predetermined range among elements forming the target data. Authentication information (digital signature information) of the extracted element group
Is configured to generate. As a result, the processing amount required for the digital signature processing and the verification processing can be reduced, and since the information for designating the area of the digital signature does not have to be attached to the target data, the target data amount does not increase. . The configuration and operation of signature processing apparatus 100 according to the present embodiment will be specifically described below.

<Structure of Signature Processing Device 100> As shown in FIG. 1, the signature processing device 100 includes an image data generation unit 101, a discrete wavelet transform unit 102, a region designation unit 103, a quantization unit 104, and authentication information generation. The configuration includes a unit 105, an entropy coding unit 106, and a code output unit 107.

The constituent unit 1 of the signature processing apparatus 100
01 to 107 are not limited to those realized by the hardware configuration, and may be realized by execution of software by the CPU or the like. In this case, the configuration units 101 to 107 should be considered as those conceptually capturing the functions required for the processing performed by the software.

<Structure and Operation of Image Data Generating Unit 101> The image data generating unit 101 rasterizes the target data I.
The data is output to the discrete wavelet transform unit 102 in the scan order.

Here, the target data I is a pixel signal forming an image to be digitally signed. Further, although the image signal I is a signal that expresses a monochrome multi-valued image, it is not limited to this. For example, when the image signal is a signal expressing a color image, a plurality of color components forming the color image are converted into (RGB
Color component, luminance, chromaticity component, etc.) may be processed as a single color component.

<Structure and Operation of Discrete Wavelet Transform Unit 102> The discrete wavelet transform unit 102 performs a two-dimensional discrete wavelet transform process on the image signal I from the image data generating unit 101 to obtain its transform coefficient. Acquire and output C.

Specifically, for example, the discrete wavelet transform unit 102 is configured to include a memory 102a and a processing unit 102b, as shown in FIG. In the discrete wavelet transform unit 102, the image signal I from the image data generation unit 101 is stored in the memory 102a. The processing unit 102b sequentially reads signals from the memory 102a,
Two-dimensional discrete wavelet transform processing is applied to the read signal, and the processed signal is written again in the memory 102a.

The processing section 102b has, for example, a configuration as shown in FIG. In the processing unit 102b, the image signal I from the image data generating unit 101 is output to the delay element 102b.
-1 and the down samplers 102b-2 and 102b-3 are combined to separate into even-numbered address signals and odd-numbered address signals, and are filtered by the two filters p (102b-4) and u (102b-5). .

In FIG. 3, outputs s and d respectively represent the low-pass coefficient and the high-pass coefficient when one-level decomposition is performed on the one-dimensional image signal I,
It is assumed that the image signal I to be converted is “x (n)” and is obtained by the following equations (1) and (2). d (n) = x (2 * n + 1)-floor ((x (2 * n) + x (2 * n + 2)) / 2)… Equation (1) s (n) = x (2 * n) + floor ((d (n-1) + d (n)) / 4)… Equation (2)

Therefore, the discrete wavelet transform unit 1
Reference numeral 02 acquires a two-dimensional transform coefficient group by sequentially performing the one-dimensional discrete wavelet transform process on the image signal I as described above in the horizontal and vertical directions of the target image.

Since the two-dimensional discrete wavelet transform is known, its detailed description is omitted here.

FIG. 4 shows the discrete wavelet transform unit 102.
It is an example of a two-level conversion coefficient group obtained in. As shown in FIG. 4, the image signal I includes coefficient sequences HH1, HL1, LH1 ,. ． ． , L
It is decomposed into L. In the following description, these coefficient sequences will be referred to as "subbands". Therefore, subband HH
1, HL1, LH1 ,. ． ． , LL are supplied to the quantization unit 104, which will be described later, in the next stage.

<Structure and Operation of Region Designating Unit 103> The region designating unit 103, in the image (target image) represented by the image signal I, is a desired region (ROI: region of interesting) for generating authentication information described later. , Below, "Region RO
(Also referred to as “I”). Area RO determined here
In the image to be encoded, I is decoded with high image quality as compared with the portion around the region ROI.

Further, the region designation unit 103 generates mask information M indicating which coefficient belongs to the region ROI when the target image is subjected to the discrete wavelet transform by the discrete wavelet transform unit 102.

Specifically, for example, the target image is the image 210 as shown in FIG. 5 (see the left side of the figure), and the image 2
In FIG. 10, when the region ROI (here, star-shaped region) 211 is designated by an arbitrary instruction input, the region designating unit 103 determines that the region ROI is obtained when the image 210 including the region ROI is subjected to the discrete wavelet transform. The portion occupied in each subband is calculated and used as mask information M.

The image 220 shown in FIG. 5 (see the right side of the figure) is an example of the mask information M. That is, the region designating unit 103 calculates the portion occupied by each region 211 in each subband when the two-level discrete wavelet transform is applied to the image 210 including the star-shaped region (region ROI) 211. As a result, the mask information M (220) is generated.

In the mask information M (220), the star-shaped portion is the region ROI, the bit information in the region ROI is "1", and the bit information in the other regions is "0".

The mask information M (2
20) Since the whole is the same as the configuration of the transform coefficient by the two-dimensional discrete wavelet transform (see FIG. 4 above), by checking the bits in the mask information M (220), the coefficient at the corresponding position is obtained as the region ROI It can be identified whether or not it belongs to.

A parameter designating the image quality for the region ROI is input to the region designating unit 103 from an input system (not shown). The parameters here are
For example, a numerical value expressing the compression rate assigned to the region ROI, a numerical value expressing the image quality, and the like can be cited. Therefore, the area designating unit 103 determines the area R based on the input parameter.
Obtain the bit shift amount B for the coefficient in OI,
The bit shift amount B is supplied to the quantizer 104 together with the mask information M generated as described above.

<Configuration and Operation of Quantization Unit 104> For the quantization unit 104, the discrete wavelet transform unit 102
The coefficient C (2 level conversion coefficient group, refer to FIG. 4) obtained in step A and the bit shift amount B obtained in the area designating unit 103.
And mask information M are supplied. The quantizer 104
The coefficient C is quantized by a predetermined quantization step, and the index group Q for the quantized value is output.

Specifically, for example, the quantization unit 104 first executes the quantization of the coefficient C from the discrete wavelet transform unit 102 according to the following equations (3) to (5). q = sign (c) floor (abs (c) / Δ) ... Formula (3) sign (c) = 1; c> = 0 ... Formula (4) sign (c) = -1; c <0 ... Formula ( 5)

In the above equations (3) to (5), "c"
Is a coefficient C to be quantized. In addition, in the present embodiment, the value of “Δ” includes “1”. In this case, no quantization is actually done.

Next, the quantizing unit 104 uses the area designating unit 10
Based on the mask information M and the shift amount B from 3, the quantization index q obtained by the above equations (3) to (5)
Is changed according to the following equations (6) and (7). q '= q * 2 ^ B; m = 1 ... Expression (6) q' = q; m = 0 ... Expression (7)

In the above equations (6) and (7), "m"
Is the mask information M at the position of the quantization index q.
Is the value of.

By the processing of the quantization unit 104 as described above, only the quantization index q of the quantized value belonging to the region ROI (space region) determined by the region designation unit 103 is
The number of bits indicated by the shift amount B is shifted up.

Here, in the present embodiment, as the shift amount (shift number) B, the same value as the number of bits expressing the quantization index q before the bit shift is set. That is, the shift amount (the number of shifts) B is set to such a value that all bits of the quantized index q ′ after the bit shift are shifted up so as to exceed the MSB of the quantized index q before the bit shift. For example, when the dynamic range of the quantization index q before bit shift is “0” to “+16”, the shift number B is
Set “4”.

By carrying out such a bit shift, the quantization index q of the area ROI always exceeds the dynamic range of the values of the quantization indexes of the other areas. That is, the value of the quantization index is checked at the time of decoding, and if the intex value exceeds the dynamic range of the quantization index q before bit shift, the index is the quantization index included in the region ROI. Conversely, if the intex value does not exceed the dynamic range of the quantization index q before bit shift, it can be determined that the index is a quantization index not included in the region ROI. This eliminates the need to separately send the mask information to the decoder.

FIGS. 6A and 6B show an example of changing the quantization index by the above shift up. First, FIG. 6A shows a quantization index group of a certain subband. In this quantization index group, the mask information value in the quantization index q of the shaded area is “1”. When the shift number B is "4", the quantized index q'after the shift is in a state of being shifted up by B bits, as shown in FIG. At this time, “0” is complemented in the blank space (the lower part of the hatched area in FIG. 6B) generated by the bit shift.

Therefore, the quantization index group Q (quantization index q ′ after bit shift) as shown in FIG. 6B is supplied to the authentication information generating section 105 and the entropy encoding section 106 in the next stage. Will be done.

<Structure and Operation of Authentication Information Generation Unit 105>
The authentication information generation unit 105 uses the secret key Ks to acquire the authentication information of the quantization index q ′ included in the region ROI determined by the region designation unit 103 from the quantization index group Q from the quantization unit 104. To generate.

Specifically, for example, the authentication information generation unit 105
As shown in FIG. 7, has a configuration including a hash value calculation unit 105a and an encryption processing unit 105b.

The hash value calculation unit 105a includes the quantization unit 1
From the quantization index group Q from 04, the quantization index (q ') included in the region ROI determined by the region designation unit 103 is taken out, and the hash value H of the quantization index is calculated. Quantization index is region R
Whether or not it is included in the OI can be determined by whether or not the quantization index exceeds the dynamic range before bit shift as described above. The hash value H calculated here is supplied to the encryption processing unit 105b at the next stage.

The encryption processing unit 105b uses the hash value H from the hash value calculation unit 105a as the externally supplied secret key Ks (such as the secret key Ks in the public key system corresponding to the public key Kp described later). Encryption processing using
The value after the processing is output as the authentication information Sign.

The authentication information Sign generated by the encryption processing unit 105b may be included in the code output by the code output unit 107. In this case, the only information that should be sent to the verification processing unit described later is the code output from the code output unit 107. Alternatively, the code output unit 107
Authentication information S by means other than the code string output from
ign may be sent to the verification processing unit.

<Structure and Operation of Entropy Encoding Unit 106> The entropy encoding unit 106 includes the quantization unit 104.
The quantized index group Q from is decomposed into bit planes, and binary arithmetic coding is performed in the bit plane units to generate and output a code stream.

Specifically, for example, the quantization index group Q input to the entropy coding unit 106 is
As shown in FIG. 8A, there are three non-zero quantization indexes in the region of the subband having a size of 4 × 4 pixels, each of which is +13, −6, +3.
, The entropy coding unit 106 scans the area to find the maximum value M, and the bit required to express the maximum quantization index is obtained by the following equation (8). Calculate the number S. S = ceil (log2 (abs (M))) ... Expression (8) In the above Expression (8), "ceil (x)" represents the smallest integer value among integers of x or more.

Therefore, in FIG. 8A, since the maximum coefficient value is "13", the number of bits S is "4", and the 16 quantization index groups Q in the sequence.
Is processed in units of four bit planes, as shown in FIG.

That is, the entropy coding unit 106
First, each bit of the most significant bit plane MSB is entropy-encoded (here, binary arithmetic encoding), and the result is output to the code output unit 107 as a bit stream BS. Next, the entropy coding unit 106
The bit plane is lowered by one level, and similarly, each bit in the bit plane is entropy-coded until the target bit plane reaches the least significant bit plane LSB, and the result is sent to the code output unit 107 as the bit stream BS. Output.

When entropy-encoding the quantized index of the quantized index group Q in the entropy coder 106, a non-zero value which should be coded first (uppermost) in the bit plane scanning from upper to lower.
When a bit is detected, it is immediately followed by one bit indicating the sign of the quantization index and binary arithmetic coding. As a result, it is possible to efficiently encode the positive / negative signs of the quantization index other than “0”.

<Structure and Operation of Code Output Unit 107> The code output unit 107 outputs the bit stream BS from the entropy coding unit 106, for example, as data (code string) as shown in FIG. 9A. To do.

Specifically, first, the above-mentioned FIG.
(D) specifically shows the overall configuration of the data output from the code output unit 107. The output data is
The main header MH at the beginning of the data, the tile header THx and the bit stream BSx that form a pair with each other.
(X: 0, 1, ..., N-1).

As shown in FIG. 9B, the main header MH is the size (number of pixels in the horizontal and vertical directions) of the image to be encoded (target image), and the target image is a plurality of rectangular areas. It includes the size when divided into tiles, the number of components that represent the number of color components that make up the target image, the size of each component, and component information that represents bit precision.

In this embodiment, since the target image is not divided into tiles, the tile size and the image size have the same value. If the target image is a monochrome multi-valued image, the number of components is “1”.
Becomes

As shown in FIG. 9C, the tile header THx includes a tile length including the bitstream length and the header length of the target tile, an encoding parameter for the target tile, and a designated area (area ROI). The mask information shown and the number of bit shifts for the coefficient belonging to the area are included. Further, the coding parameter includes information such as the level of discrete wavelet transform and the type of filter.

The bit stream BSx is the same as that shown in FIG.
As shown in (d), the data is grouped in bit plane units.
S-1, S-2, ..., 0) are arranged in such a manner as to go from the upper bit plane (S-1) to the lower bit plane (0). Each bit plane (Bit Plane S-1, S-2, ...,
0) has a configuration in which the result of encoding the bit plane of the quantization index in the target subband is sequentially arranged in subband units. The number of bits S here is
It is the number of bits required to represent the maximum quantization index.

The data output from the signature processing apparatus 100 as described above, that is, the code string output from the code output unit 107 is hierarchically decoded by the verification processing apparatus (function) 200 shown in FIG. To be done.

In this embodiment, the compression rate of the entire image to be encoded can be controlled by changing the quantization step Δ. Further, in the present embodiment, it is possible to limit (discard) the lower bits of the bit plane encoded by the entropy encoding unit 107 according to the required compression rate. In this case, not all bit planes are encoded, and the upper bit planes to the number of bit planes corresponding to the desired compression rate are encoded and included in the final code string.

<Structure of Verification Processing Device 200> The data output from the signature processing device 100 shown in FIG. 1, that is, the data output from the authentication information certificate generation unit 105 and the code output unit 107 is, for example, as shown in FIG. The verification processing device (function) 200 as shown in FIG.

Specifically, first, the verification processing device (function)
Reference numeral 200 denotes a code input unit 20 as shown in FIG.
1, the entropy decoding unit 202, and the verification unit 203 are included.

[0100] The configuration unit 2 of the verification processing device 200
01 to 203 are not limited to those realized by the hardware configuration, and may be realized by execution of software by the CPU or the like. In this case, the configuration units 201 to 203 should be considered to have conceptually considered the functions required for the processing performed by the software.

<Structure and Operation of Code Input Unit 201> The code input unit 201 is the code output unit 10 of the signature processing apparatus 100.
By analyzing the header (MH) included in the code string output from 7 (see FIG. 9 above), parameters necessary for subsequent processing are extracted, and the flow of processing is controlled as necessary, Alternatively, the corresponding parameter is sent to the subsequent processing unit. Further, the code input unit 201 outputs the bitstream BS included in the code string to the entropy decoding unit 202.

<Structure and Operation of Entropy Decoding Unit 202> The entropy decoding unit 202 converts the bit stream BS from the code input unit 201 into bit plane units as shown in FIGS. 11 (a) and 11 (b), for example. Decrypt with and output.

Here, in FIG. 11A, in the entropy decoding unit 202, one region of the subband to be decoded is sequentially decoded in bit plane units, and as shown in FIG. 3 shows a state in which a typical quantization index group Q is restored and obtained, and the arrow in the figure shows the decoding order of the bit planes.

<Structure and Operation of Verification Unit 203> Verification Unit 2
03, the quantization index group Q obtained by the entropy decoding unit 202, and the signature processing device 100.
Authentication information Sig output from the authentication information generation unit 105 of
n is supplied.

The verification section 203 verifies whether the area designated at the time of signature has been tampered with, using the authentication information Sign and the quantization index group Q.

Specifically, for example, the verification unit 203 is configured as shown in FIG.
2, the decryption processing unit 203a, the hash value calculation unit 203b, and the comparison unit 203c are included.

Therefore, in the verification unit 203, first, the authentication information Sign and the public key Kp are input to the decryption processing unit 203a. The decryption processing unit 203a decrypts the authentication information Sign using the public key Kp, and the obtained value H1 (hash value) is compared with the comparison unit 2 in the subsequent stage.
Output to 03c.

On the other hand, the quantization index group Q is input to the hash value calculation unit 203b. The hash value calculation unit 203b takes out the quantization index included in the region designated at the time of signature from the quantization index group Q, and calculates the hash value H2 of the quantization index. Here, it is determined whether or not the quantization index is included in the area (area ROI) designated at the time of signature,
As described above, it can be performed depending on whether or not the quantization index exceeds the dynamic range before bit shift.

For the comparison unit 203c, the decoding processing unit 2
The hash value H1 obtained in 03a and the hash value H2 obtained in the hash value calculation unit 203b are input. The comparison unit 203c verifies whether or not the region ROI has been tampered with by comparing the hash value H1 and the hash value H2. That is, the comparison unit 203c determines that the hash value H
If 1 and the hash value H2 are equal, it is determined that the file has not been tampered with, and if the hash value H1 and the hash value H2 are not, it is determined that the file has been tampered with, and this determination result is output.

In the comparison unit 203c, in order to clearly indicate to which area the verification processing has been performed, the area information subjected to the verification processing may be output together with the determination result.

Second Embodiment In the first embodiment, in the signature processing device 100, the authentication information generation unit 10
5, the private key Ks in the public key system is used to generate the authentication information Sign, and the verification processing device 200 uses the private key Ks to verify the authentication information Sign.
Is configured to use the public key Kp corresponding to.

However, the private key K of the public key system
With the configuration using s, it is possible to easily deliver the secret key Ks required for verification of the authentication information Sign to the verification side (verification processing device 200), but on the other hand, the signature processing device 100. In the above, a large amount of processing is required to generate the authentication information Sign. This poses a problem when the digital signature processing is executed inside a device such as a digital camera having a relatively low processing capacity.

Therefore, in the present embodiment, when the signature processing device 100 generates the authentication information Sign by the encryption process using the secret key, the secret key Ks' in the secret key system is used as the secret key. To configure. The encryption process using the secret key Ks' in the secret key system is generally the secret key Ks in the public key system.
The processing amount is often smaller than that of the encryption processing using. As described above, by using the secret key system, it becomes easy to execute the digital signature processing in a device such as a digital camera having a relatively small processing capacity or in the system.

For the configuration using the secret key system as described above, the authentication information generation unit 105 shown in FIG. 7 and the verification processing unit 203 shown in FIG. 12 in the first embodiment are applied. Can be implemented in. In this case, the secret key Ks in FIG. 7 becomes the secret key Ks ′ in the secret key system, and the secret key Kp in FIG. 12 also becomes the secret key Ks in the secret key system.
It becomes ´. In addition, it is preferable that the signature processing apparatus 100 is configured to securely send the secret key Ks ′ used for generating the authentication information Sign to the verification processing apparatus 200.

The present invention can be applied as a part of a system composed of a plurality of devices (for example, a host computer, an interface device, a reader, a printer, etc.) to one device (for example, a copying machine, a digital device). It is also possible to apply it to a part of a device including a camera and a facsimile device.

Further, the present invention is not limited to the device or system for realizing the first and second embodiments and the method thereof, and the computer (CPU or MPU) in the device or system. ), A program code of software for realizing the first and second embodiments is supplied, and the computer in the device or the system operates according to the program code.
The case where the first and second embodiments are realized by operating various devices is also included in the scope of the present invention.

In this case, the program code itself of the software realizes the functions of the first and second embodiments, and the program code itself and means for supplying the program code to the computer,
Specifically, a storage medium storing the program code is included in the category of the present invention.

A flexible disk, a hard disk, an optical disk, a magneto-optical disk, a CD-ROM, a magnetic tape, a non-volatile memory card, a ROM, or the like can be applied as a storage medium for storing the program code.

Further, not only when the functions of the first and second embodiments are realized by the computer controlling the various devices only in accordance with the supplied program code, the program code is stored on the computer. The program code is also included in the scope of the present invention when the first and second embodiments are implemented in cooperation with an OS (operating system) running on the computer or other application software.

Further, after the supplied program code is stored in the memory provided in the function expansion board of the computer or the function expansion unit connected to the computer, the function expansion board or the function storage is stored based on the instruction of the program code. The case where the CPU or the like included in the unit performs some or all of the actual processing and the first and second embodiments are realized by the processing is also included in the scope of the present invention.

FIG. 13 shows the function 600 of the computer.
Is shown. As shown in FIG. 13, the computer function 600 includes a CPU 601 and a ROM 602.
RAM 603, keyboard controller (KBC) 605 of keyboard (KB) 609, CRT controller (CRTC) 606 of CRT display (CRT) 610 as a display unit, and hard disk (HD)
611 and a flexible disk (FD) 612 disk controller (DKC) 607, and a network 6
A network interface controller (NIC) 608 for connection with the
It is configured to be communicably connected to each other via.

The CPU 601 is a ROM 602 or HD.
By executing the software stored in 611 or the software supplied from FD612, each component connected to the system bus 604 is comprehensively controlled.
That is, the CPU 601 executes the processing program according to the predetermined processing sequence in the ROM 602 or the HD 61.
1 or by reading from FD612 and executing,
Control for realizing the operation in the first and second embodiments is performed.

The RAM 603 functions as the main memory or work area of the CPU 601. KBC605
Controls instruction input from the KB 609 or a pointing device (not shown). CRTC606 is C
It controls the display of the RT 610. The DKC607 is a boot program, various applications, edit files,
It controls access to the HD 611 and the FD 612 that store the user file, the network management program, and the predetermined processing programs according to the first and second embodiments. The NIC 608 bidirectionally exchanges data with a device or system on the network 620.

[0124]

As described above, according to the present invention, when the signature process is performed on the target data (digital data of an image or the like), among the elements forming the target data, the value of which does not belong to the predetermined range. Is extracted and the authentication information of the extracted element group is generated. As a result, the verification side, which receives the target data and verifies that the target data has not been tampered with, needs information indicating the area where the signature processing is performed (the area of the element group in which the authentication information is generated) as in the past. Instead, it becomes possible to extract the elements of which the value does not belong to the predetermined range among the elements constituting the target data, and to verify the target data by using the extracted element group and the authentication information.

Therefore, according to the present invention, it is possible to reduce the processing amount required for the signature processing and the verification processing by applying the signature processing to a partial area of the target data. Since it is not necessary to attach the information designating the item to the target data, it is possible to reduce the amount of data required for the verification process.

[Brief description of drawings]

FIG. 1 is a block diagram showing a configuration of a signature processing device to which the present invention has been applied in a first embodiment.

FIG. 2 is a block diagram showing a configuration of a discrete wavelet transform unit of the signature processing device.

FIG. 3 is a block diagram showing a configuration of a processing unit of the discrete wavelet transform unit.

FIG. 4 is a diagram for explaining a two-level transform coefficient group obtained by the discrete wavelet transform unit.

FIG. 5 is a diagram for explaining mask information in an area designating unit of the signature processing apparatus.

FIG. 6 is a diagram for explaining bit shift in the quantization unit of the signature processing device.

FIG. 7 is a block diagram showing a configuration of an authentication information generation unit of the signature processing device.

FIG. 8 is a diagram for explaining entropy coding in an entropy coding unit of the signature processing device.

FIG. 9 is a diagram for explaining a code string output from the code output unit of the signature processing device.

FIG. 10 is a block diagram showing a configuration of a verification processing device that decrypts an output of the signature processing device.

FIG. 11 is a diagram for explaining entropy decoding in an entropy decoding unit of the verification processing device.

FIG. 12 is a block diagram showing a configuration of a verification unit of the verification processing device.

FIG. 13 is a block diagram showing a configuration of a computer that reads a program for causing a computer to realize the functions of the first and second embodiments from a computer-readable storage medium and executes the program.

[Explanation of symbols]

100 signature processing device 101 Image data generator 102 discrete wavelet transform unit 103 area designation section 104 quantizer 105 Authentication Information Generation Unit 106 Entropy Coding Unit 107 code output unit

   ─────────────────────────────────────────────────── ─── Continued front page    (72) Inventor Satoshi Wakao             3-30-2 Shimomaruko, Ota-ku, Tokyo             Non non corporation F term (reference) 5B057 AA20 BA24 CA19 CE09 CG01                       CG07 DA08                 5C076 AA14 BA06                 5J104 AA09 LA03 LA06 NA12 NA14

Claims (18)

[Claims] 1. An information processing apparatus for performing signature processing on target data, comprising: an extracting means for extracting an element whose value does not belong to a predetermined range from among the elements forming the target data; and the extracting means. An information processing apparatus, comprising: an authentication information generating unit that generates authentication information of the extracted element group. 2. An information processing apparatus for verifying target data, comprising: an extracting means for extracting an element of which the value does not belong to a predetermined range, and an element extracted by the extracting means. An information processing apparatus comprising: a group, and a verification unit that verifies target data using the element group and the authentication information. 3. An information processing system in which a plurality of devices are communicably connected to each other, and at least one device of the plurality of devices has a function of the information processing device according to claim 1. An information processing system characterized by the above. 4. An information processing method for performing signature processing on digital data, comprising: an extracting step of extracting an element whose value is included in a predetermined range from among elements forming the digital data; An authentication information generating step of generating authentication information of the element group extracted by the step, the information processing method. 5. The extraction step includes a region determination step of determining region information for dividing an element forming the digital data into a first region and a second region, and region information determined by the region determination step. Of the elements constituting the digital data, the value of the element belonging to the first area is changed to a value outside the range of values that can be taken by the element belonging to the second area. The information processing method according to claim 4, wherein the authentication information generating step includes a step of generating authentication information of the element group after the change by the calculation step. 6. The information processing method according to claim 4, wherein the operation step includes a step of performing a bit shift on the elements forming the digital data. 7. The authentication information generating step includes a hash value calculating step of calculating a hash value of the element group, and an encryption step of encrypting the hash value obtained by the hash value calculating step. The information processing method according to claim 4, wherein: 8. The information processing method according to claim 7, wherein the encryption process includes an encryption process using a secret key in a secret key system. 9. The information processing method according to claim 7, wherein the encryption process includes an encryption process using a secret key in a public key system. 10. An information processing method for verifying whether or not digital data has been tampered with, the method comprising: extracting an element whose value falls within a predetermined range from among the elements constituting the digital data. An information processing method comprising: a step; and a verification step of verifying whether or not the digital data has been tampered with by using the element group extracted by the extraction step and the authentication information of the element group. 11. The verification step includes a hash value calculation step for calculating a hash value of the element group, a decryption step for decrypting the authentication information, a value obtained by the hash value calculation step, and the decryption step. 11. The information processing method according to claim 10, further comprising a comparison step of comparing the value obtained by 12. The information processing method according to claim 11, wherein the decrypting step includes a step of performing decryption processing using a secret key in a secret key system. 13. The information processing method according to claim 11, wherein the decrypting step includes a step of performing a decrypting process using a public key in a public key system. 14. The comparison step determines that the digital data has not been tampered with when the value obtained by the hash value calculation step is equal to the value obtained by the decryption step, and the hash value is obtained. The information processing method according to claim 11, further comprising a step of determining that the digital data has been tampered with when the value obtained in the value calculating step and the value obtained in the decoding step are different. 15. The information processing method according to claim 10, further comprising a region information output step of outputting a region to which the element extracted by the extraction step belongs. 16. A program which, when read and executed by a computer, functions as an apparatus or a system for performing signature processing on digital data, the element of which the value does not belong to a predetermined range among the elements constituting the digital data. And a program code of an authentication information generating step of generating authentication information of the element group extracted by executing the program code of the extracting step. 17. A program which functions as an apparatus or system for reading and executing by a computer to verify whether or not digital data has been tampered with, the value of which is one of the elements constituting the digital data. Whether the digital data has been tampered with by using the program code of the extraction process for extracting the elements that do not belong to the predetermined range, the element group extracted by executing the program code of the extraction step, and the authentication information of the element group. And a program code of a verification process for verifying whether or not the program. 18. A computer-readable storage medium storing the program according to claim 16 or 17.