JP2005341395A - Image data transmitting apparatus, receiving apparatus, and image data transmitting/receiving method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To propose an image data transmitting system for reducing a load without damaging security. <P>SOLUTION: A transmission apparatus which compresses and transmits image data using an arithmetic encoding means, includes a digest data means which defines contents of a learning memory at the end of arithmetic encoding or at least a part of the contents as digest data or creates digest data based on the contents of the learning memory at the end of arithmetic encoding or at least a part of the contents, a private key encryption means which produces electronic signature data by encrypting the digest data using a private key of a sender, and a transmission means which transmits the data encrypted by the private key encryption means together with the image data. <P>COPYRIGHT: (C)2006,JPO&NCIPI

Description

  The present invention relates to an image data communication technique in which an electronic signature is added to image data and transmitted to another device via a network or the like, and the transmitted data is received and the image data is authenticated by the sender. About.

In the case of transmitting information via a network or the like, it is difficult to ensure security because the password can be easily guessed or eavesdropped only by conventional identity verification using only the ID and password.
For this reason, as a “strong authentication” system based on cryptographic technology, securing of security by electronic signature of public key cryptographic technology is currently attracting attention and put into practical use. The public key cryptosystem is a common key using a pair of two keys having a special property that "information encrypted with one key (public key) can only be decrypted with the other key (secret key)" This is a method for securely transmitting a signature and the like.

By applying digital signatures (digital signatures), it is possible to have something equivalent to real-world signatures and seals in cyberspace.
The electronic signature has two effects: (1) tampering detection and (2) confirmation of the identity of the person.

  To sign an electronic document, the sender only has to encrypt the document with his / her private signature key (secret key). If the recipient can open the document with the verification key (public key) released by the sender, the receiver can reliably verify that this document is actually the document sent by the sender. . In addition, by comparing digests as electronic fingerprints, it is possible to confirm whether or not tampering has occurred.

  FIG. 4 is a diagram for explaining a method for ensuring security using an electronic signature of public key cryptography. In FIG. 4, 801 is a personal computer (PC) of user A (Mr. A) who transmits information, 821 is a PC of user B (Mr. B) who receives information, and 800 is a network to which PC 801 and PC 821 are connected. .

  In the PC 801, the plaintext 805 which is raw information is encrypted with the common key 803 in the common key encryption unit 806, and a ciphertext 811 is generated. The reason why the public key method is not used for the encryption is that the public key method has a heavy processing load. Of course, the encrypted data cannot be decrypted without the common key 803.

  The common key 803 is encrypted by Mr. B's public key 802 and public key encryption means 804. The encrypted common key data cannot be decrypted even with Mr. B's public key 802.

  On the other hand, from the plaintext 805, a digest 807 converted according to a certain rule is generated based on the content. The data size of the digest may be as small as possible to be a plaintext 805 signature. The digest 807 is encrypted by the public key encryption means 808 with Mr. A's private key 809.

  As described above, the encrypted common key data 810, the ciphertext 811, and the encrypted digest 812 are transmitted to Mr. B's PC 821 via the network 800.

  In Mr. B's PC 821, the common key data 810 is decrypted by Mr. B's secret key 822 in the decryption means 823, and a common key 824 is generated. Further, the ciphertext 811 is decrypted by the common key decryption means 825 with the decrypted common key 824 to obtain plaintext 826. Since Mr. B's secret key 822 is never communicated, it cannot be decrypted even if a third party intercepts the communication.

The encrypted digest 812 is received by Mr. B's PC 821 and decrypted by the decrypting means 827 using Mr. A's public key 829, and a digest 828 is generated. By matching the plaintext 826 previously decrypted with the digest 828, it can be determined whether the digest 828 was originally generated by the plaintext 826. Since the encrypted digest 812 can be created only by Mr. A's private key 809, it can be confirmed that the plaintext 826 is created by Mr. A.
The above is the method for transmitting information using the public key method.

Next, consider a case where the information that A wants to transmit is an image of a document.
FIG. 5 is a diagram illustrating a procedure for transmitting a document image in such a case. In FIG. 5, reference numeral 901 denotes a PC of user A (Mr. A) who transmits information, 921 denotes a PC of user B (Mr. B) who receives information, and 900 denotes a network to which PC 901 and PC 921 are connected.

  In the PC 901, the image data 905 is first subjected to compression processing by the JBIG encoder 930 to generate compressed data 931. The generated compressed data 931 is encrypted by the common key encryption unit 906 using the common key 903. The reason why the public key method is not used for the encryption is that the public key method has a heavy processing load. Of course, the encrypted data cannot be decrypted without the common key 903.

  The common key 903 is encrypted by Mr. B's public key 902 and public key encryption means 904. The encrypted common key data cannot be decrypted even with Mr. B's public key 902.

  On the other hand, from the compressed data 931, a digest 907 is generated by the digest creating means 932 that is converted according to a certain rule based on the content. The digest data size may be as small as possible to serve as the signature of the image data 905. The digest 907 is encrypted by the public key encryption means 908 with Mr. A's private key 909.

  As described above, the encrypted common key data 910, the ciphertext 911, and the encrypted digest 912 are transmitted to Mr. B's PC 921 via the network 900.

  In Mr. B's PC 921, the common key data 910 is decrypted by Mr. B's secret key 922 in the decrypting means 923, and a common key 924 is generated. Further, the ciphertext 911 is decrypted by the common key decryption means 925 using the decrypted common key 924, and compressed data 933 is obtained. The compressed data 933 is decompressed by the JBIG decoder 934 to obtain image data 926. Since Mr. B's secret key 922 is never communicated, it cannot be decrypted even if a third party intercepts the communication.

  The encrypted digest 912 is received by Mr. B's PC 921 and decrypted by the decrypting means 927 using Mr. A's public key 929 to generate a digest 928. By comparing the previously decrypted compressed data 933 and the digest 928, it can be determined whether the digest 928 was originally generated from the image data 926. Here, since the encrypted digest 912 can be created only by Mr. A's private key 909, it can be confirmed that the image 926 is created by Mr. A.

In the conventional example, since the creation of the digest 907, the encryption thereof, the transmission of the image data 905 and the encryption thereof are performed by the PC 901, the load on the PC 901 is heavy.
Also in the PC 921, since the PC 921 performs the creation of the digest 928, the reception and decoding of the image data 926, the load on the PC 921 is heavy.
The present invention proposes a method of transmitting image data that reduces the load without compromising security.

The transmission device of the present invention is a transmission device that compresses and transmits image data using arithmetic coding means, and digests at least part of the contents of the learning memory at the end of arithmetic coding by the arithmetic coding means. Digest data creating means for creating digest data based on at least a part of the learning memory contents or at the time of completion of arithmetic encoding, and encrypting the digest data with the sender's private key and electronic signature It has a secret key encryption means for generating data, and a transmission means for transmitting the data encrypted by the secret key encryption means together with image data.
The receiving device of the present invention is a receiving device that decompresses transmitted compressed image data using arithmetic decoding means, and the contents of the learning memory at the end of arithmetic decoding by the calculation decoding means or at least a part thereof As digest data, or digest data creating means for creating digest data based on at least a part of the learning memory contents at the end of arithmetic decoding, and electronic signature data accompanying the transmitted compressed image data Compare the digest data generated by the digest data creation means and the digest data restored by the public key decryption means by decrypting the digest data using the sender's public key and restoring the digest data And comparing means.
In the transmission / reception method of image data according to the present invention, the transmitting device that compresses and transmits image data using arithmetic coding means uses the content of learning memory at the end of arithmetic coding or at least a part thereof as digest data, Alternatively, the digest data is created based on the learning memory contents or at least a part thereof at the end of the arithmetic encoding, and the digest data is encrypted with the sender's private key to generate the electronic signature data. The receiving device that transmits the received data together with the image data, and decompresses the transmitted compressed image data using arithmetic decoding means, the contents of the learning memory at the end of arithmetic decoding or at least a part thereof as digest data Or, create digest data based on learning memory contents or at least a part of them at the end of arithmetic decoding The electronic signature data accompanying the transmitted compressed image data is decrypted using the sender's public key to restore the digest data, and the created digest data is compared with the restored digest data to generate an image. It is characterized by performing data authentication.

  According to the present invention, it is possible to transmit and receive image data while reducing the load without sacrificing security. Further, since a digest generation process and digest generation means are not required, the apparatus is inexpensive and can be speeded up.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings.

FIG. 1 is a diagram illustrating an image communication method according to an embodiment of the present invention.
In FIG. 1, 101 is a personal computer (PC) owned by a user A (Mr. A) on the side of sending information, 121 is a PC of user B (Mr. B) on the side of receiving information, 100 is PC 101, PC 121 It is a connected network.

  In the PC 101, the image data 105 is first subjected to compression processing by the JBIG encoder 130 to generate compressed data 131.

Here, the configuration of the JBIG encoder 130 is shown in FIG.
In FIG. 2, the image data to be compressed is input to the context generation unit 201. The context generation unit 201 buffers several lines of image data, collects pixels around the target pixel to be compressed, and outputs the collected data as context data (CX). However, the reference pixels are limited to pixels that have already occurred. When the pixel corresponding to the context is outside the image area, 0 is set. In JBIG, there are two types, a two-line context and a three-line context, each of which consists of 10 pixels. Therefore, the context data CX is 10 bits. The number of lines to be held in the CX generation unit 201 only needs to be sufficient for context generation.

  The learning RAM 202 outputs a predicted value of the pixel of interest and a state value (STATE) indicating the strength of prediction using the context data as an address. The learning RAM 202 stores a predicted value of 1 bit and a state value of 7 bits for each possible context. The total is 1 byte. That is, since the context data is 10 bits, the capacity of the learning RAM 202 is 1024 bytes. The initial value of the learning RAM 202 is all 0 for all contexts, and this is a state in which white is predicted weakly.

  The predicted value and state value output from the learning RAM 202 are input to the arithmetic encoder 203. The arithmetic encoder 203 continues to recursively divide the [1, 0] section of the number line in accordance with the probability of prediction, and outputs the coordinates of the division point as an output code. Here, the probability of prediction is determined from the state value output from the learning RAM 202.

  Also, the arithmetic encoder 203 corrects the strength of prediction by overwriting the contents of the learning RAM 202 as appropriate in the course of encoding. This has the effect of improving the coding efficiency by learning the properties of the image. The content of the learning RAM 202 is updated by 8-bit data including an update signal output from the arithmetic encoder 203, a new predicted value, and a new state value.

  As described above, the JBIG encoder 130 outputs compressed data while processing image data pixel by pixel and updating the contents of the learning RAM 202 as appropriate.

  The learning RAM 202 in the present embodiment has a configuration that can be read by the CPU 140 when the decoding of the image is completed. Each value of the learning RAM 202 after the compression is a result of accumulating updates in the process of scanning each pixel of the image. Therefore, even if the difference in the image is, for example, in extreme detail, the value of the learning RAM 202 is Will almost certainly make a difference.

In this embodiment, using this property, the CPU 140 reads the contents of the learning RAM 202 when the image decoding is completed, and uses it as the digest 107 as it is, or a simple calculation using a part or all of it. To create a digest 107.
Although various methods are conceivable, the checksum value for checking the contents of the memory may be created, and the values of all the addresses may be summed to cut out the lower constant bits.

  The CPU 140 creates the digest 107 by any of the above methods. The digest data 107 is encrypted by the public key encryption means 108 with Mr. A's private key 109.

  The generated compressed data 131 is encrypted by the common key encryption unit 106 using the common key 103. The reason why the public key method is not used for the encryption is that the public key method has a heavy processing load. Of course, the encrypted data cannot be decrypted without the common key 103.

  The common key 103 is encrypted by Mr. B's public key 102 and public key encryption means 104. The encrypted common key data cannot be decrypted even with Mr. B's public key 102.

  As described above, the encrypted common key data 110, the encrypted data 111, and the encrypted digest 112 are transmitted to Mr. B's PC 121 via the network 100.

  In Mr. B's PC 121, the common key data 110 is decrypted by Mr. B's secret key 122 in the decryption means 123, and a common key 124 is generated. Further, the encrypted data 111 is decrypted by the common key decryption means 125 with the decrypted common key 124, and compressed data 133 is obtained. The compressed data 133 is decompressed by the JBIG decoder 134 to obtain image data 126. Since Mr. B's private key 122 is never communicated, it cannot be decrypted even if a third party intercepts the communication.

The encrypted digest 112 is received by Mr. B's PC 121 and decrypted by the decrypting means 127 using Mr. A's public key 129, and a digest 128 is generated. Whether or not the previously decoded compressed data 133 surely corresponds to the digest 128 can be confirmed as follows.
The JBIG decoder 134 will be described with reference to FIG.

  The context generator 301 operates in exactly the same way as the context generator 201. Further, the learning RAM 302 outputs a predicted value of the target pixel based on the context data and a state value indicating the strength of prediction to the arithmetic decoder 303.

  The compressed data given as described above represents the final coordinates obtained as a result of recursively dividing the [1, 0] section of the number line according to the probability of prediction. The arithmetic decoder 303 determines which of the coordinate points indicated by the compressed data is included when dividing the section of the number line from the prediction value and the strength of the prediction, and knows whether the prediction has been hit or not. be able to. This means that the pixel value of the target pixel has been found, and the result is output pixel by pixel as image data. The above processing is recursively repeated to decode the compressed data.

  If attention is paid to the learning RAM 302, it receives the same access as the learning RAM 202. This is because the arithmetic decoder 303 detects the degree of coincidence of the prediction values output from the learning RAM 302 and updates the contents of the learning RAM 302 using the same protocol as the arithmetic encoder 203. Accordingly, each value of the learning RAM 302 at the time when the decoding process of the compressed data is completed is equal to each value of the learning RAM 202 when the JBIG encoder 130 finishes the encoding process.

  That is, the CPU 141 reads the contents of the learning RAM 302 when the JBIG decoder 134 finishes the decoding process, creates a digest by the same method as the CPU 140, and converts the digest 128 into the digest 128 output from the decoding unit 127. By comparing, it can be seen that the digest data transmitted via the network certainly corresponds to the image data transmitted via the network. That is, it can be seen that the digest functions as an electronic signature.

  In the present invention, it goes without saying that the initial setting value at the time of compression and expansion, the initial value of learning RAM, and the like can be used in combination with a known technique that increases the secrecy by associating the common key.

(Other embodiments of the present invention)
In order to operate various devices in order to realize the functions of the above-described embodiments, a program code of software for realizing the functions of the above-described embodiments is provided to an apparatus connected to the various devices or a computer in the system. What is implemented by operating the various devices according to a program supplied and stored in a computer (CPU or MPU) of the system or apparatus is also included in the scope of the present invention.

  In this case, the program code of the software itself realizes the functions of the above-described embodiments, and the program code itself constitutes the present invention. Further, means for supplying the program code to the computer, for example, a recording medium storing the program code constitutes the present invention. As a recording medium for storing the program code, for example, a flexible disk, a hard disk, an optical disk, a magneto-optical disk, a CD-ROM, a magnetic tape, a nonvolatile memory card, a ROM, or the like can be used.

  Further, by executing the program code supplied by the computer, not only the functions of the above-described embodiments are realized, but also the OS (operating system) or other application software in which the program code is running on the computer, etc. It goes without saying that the program code is also included in the embodiment of the present invention even when the functions of the above-described embodiment are realized in cooperation with the embodiment.

  Further, after the supplied program code is stored in the memory provided in the function expansion board of the computer or the function expansion unit connected to the computer, the CPU provided in the function expansion board or function expansion unit based on the instruction of the program code Needless to say, the present invention includes a case where the functions of the above-described embodiment are realized by performing part or all of the actual processing.

  The above-described embodiments are merely examples of implementation in carrying out the present invention, and the technical scope of the present invention should not be construed as being limited thereto. That is, the present invention can be implemented in various forms without departing from the technical idea or the main features thereof.

It is a figure for demonstrating the image communication method by embodiment of this invention. It is a figure explaining the JBIG encoder periphery part inside a transmitter in this embodiment in detail. It is a figure explaining the JBIG decoder periphery part inside the receiver in this embodiment in detail. It is a figure for demonstrating the image transmission method of a prior art example. It is a figure for demonstrating the data transmission / reception method of a public key system.

Explanation of symbols

100 Network 101, 121 PC 102, 129 Public key 103, 124 Common key 104, 106, 108 Encryption means 105, 126 Image data 107, 128 Digest 109, 122 Private key 123, 125, 127 Decryption means 130 JBIG encoding 131, 133 Compressed data 134 JBIG decoder 141, 142 CPU

Claims (3)

A transmission device that compresses and transmits image data using arithmetic coding means,
The content or at least a part of the learning memory at the end of arithmetic encoding by the arithmetic encoding means is used as digest data, or the digest data based on the content or at least a part of the learning memory at the end of arithmetic encoding Digest data creation means for creating
A secret key encryption means for encrypting the digest data with a secret key of a sender and generating electronic signature data;
A transmission apparatus comprising: transmission means for transmitting data encrypted by the secret key encryption means together with image data. A receiving device that decompresses transmitted compressed image data using arithmetic decoding means,
The content or at least a part of the learning memory at the end of arithmetic decoding by the calculation decoding means is digest data, or the digest data based on the content or at least a part of the learning memory at the end of arithmetic decoding Digest data creation means for creating
Public key decryption means for decrypting digital signature data accompanying the transmitted compressed image data using the sender's public key and restoring digest data;
A receiving apparatus comprising: comparing means for comparing the digest data generated by the digest data creating means and the digest data restored by the public key decryption means. The transmitting device that compresses and transmits image data using arithmetic coding means uses the content of learning memory at the end of arithmetic encoding or at least a part thereof as digest data, or the learning memory at the end of arithmetic encoding Creating digest data based on the content or at least a part thereof, encrypting the digest data with a private key of the sender to generate electronic signature data, and transmitting the encrypted and generated data together with image data;
The receiving apparatus that decompresses the transmitted compressed image data using arithmetic decoding means uses the learning memory contents or at least a part thereof at the end of arithmetic decoding as digest data, or learning at the end of arithmetic decoding The digest data is created based on the memory contents or at least a part thereof, and the digital signature data accompanying the transmitted compressed image data is decrypted using the sender's public key to restore the digest data. A method for transmitting and receiving image data, comprising: authenticating image data by comparing the digest data and the restored digest data.

Images