JP2006109428A - Encryption method, data distribution system, encrypting apparatus, and data storage/distribution apparatus - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To effectively encrypt data as an encryption object, in a data distribution system wherein the data as the encryption object is encrypted with a transmitting apparatus, and is decrypted with a receiving apparatus. <P>SOLUTION: In a configuration wherein encryption and decryption of data as an encryption object are performed by using a random number sequence generated by a random number generation means which generates the random number sequence defined uniquely from an input parameter, the transmitting apparatus generates the input parameter based on metadata of the data as the encryption object and performs encryption, and the receiving apparatus generates the input parameter based on the metadata embedded in the data as the encryption object and performs decryption. <P>COPYRIGHT: (C)2006,JPO&NCIPI

Description

  The present invention relates to an encryption method, a data distribution system, an encryption device, and a data storage / delivery device that encrypt data to be encrypted, and in particular, can effectively encrypt data to be encrypted. The present invention relates to an encryption method, a data distribution system, an encryption device, and a data storage and distribution device.

In a surveillance system for crime prevention or the like, for example, building a system using a network such as the Internet is becoming essential in terms of cost competitiveness and differentiation from conventional systems. On the other hand, in open networks such as the Internet, the risk of eavesdropping and tampering is increasing. Here, encryption and message authentication are known as countermeasure technologies for eavesdropping and tampering on the network. For example, RFC (Request for Comments) 3711, which is a standard for technology relating to the Internet, introduces RTP (Real-time Transport Protocol) packet encryption and message authentication technology (see Non-Patent Document 1).
RFC3711

  However, for example, when an encryption technique is applied to a system that accumulates images from a monitoring camera on a server via the Internet, distributes them to a client as necessary, and performs monitoring or the like at the client, there are the following problems: .

  The first problem is encryption synchronization at the time of packet loss. When encrypting content such as an image, a stream encryption method with high processing speed is often used. For example, in the external synchronous stream encryption method, the transmission side generates a ciphertext from the exclusive OR of the key stream generated by the random number generator and the plaintext, and distributes the ciphertext to the reception side via the network. On the other hand, the receiving side returns the ciphertext to plaintext from the exclusive OR of the key stream generated by the random number generator and the received ciphertext. Accordingly, if a part of the ciphertext data is lost due to packet loss, the random number generators on the transmission side and the reception side are out of synchronization, and there is a problem that the reception side cannot decrypt the ciphertext at all thereafter. As a countermeasure against this, a method of resetting the random number generator for each packet is generally performed.

  Here, in an encryption method in which an encryption key and an initial vector are input to generate a key stream by a random number generator and encryption is performed using the key stream, the generated key stream is an encryption key and an initial vector. It is uniquely determined by the combination. In such an encryption method, even if the random number generator is reset for each packet, if the encryption key or initial vector is not changed, the same key stream as the key stream applied to the previous packet is generated. Security becomes weak. In RFC 3711, which is the prior art, the initial vector is derived from the sequence number of the RTP packet header, and the reuse of the same key stream is avoided by updating the initial vector for each packet. Also, since the RTP sequence number is 16 bits, a 32-bit rollover counter is provided, and different initial vectors are derived up to 2 48 packets, and the encryption key is sent before sending 2 48 packets It is recommended to update

  The second problem relates to system key management. In a system that performs encryption, for example, key management such as encryption key setting and encryption key delivery accompanying encryption key update between the image encoding device, the image storage and delivery device, and the image decryption device. There is a problem that it becomes complicated and a load of key management for the user becomes large.

  The present invention has been made in view of such a conventional situation, and an encryption method, a data distribution system, an encryption apparatus, and a data storage and distribution apparatus capable of effectively encrypting data to be encrypted. The purpose is to provide.

  In order to achieve the above object, the encryption method according to the present invention encrypts data to be encrypted using a random number sequence generated by a random number generation unit that generates a random number sequence uniquely determined from input parameters. In the encryption method, the input parameter is generated based on metadata of the data to be encrypted.

Here, various data may be used as the data. Various data may be used as the metadata.
Further, in the encryption method according to the present invention, the metadata is embedded in the data to be encrypted or the encrypted data to be encrypted, and the encrypted data to be encrypted is stored. In the case of decoding, the input parameter is generated based on the embedded metadata.

  In the encryption method according to the present invention, encryption of a data body (for example, a portion excluding the header and the metadata) is excluded from the data to be encrypted, excluding the header and the metadata. Do.

In the encryption method according to the present invention, the input parameter is updated for each one or a plurality of units of the data to be encrypted, and the random number generation means is initialized.
In the encryption method according to the present invention, the input parameter includes an initial vector and an encryption key, the initial vector is generated based on the metadata, and the encryption key is updated from a preset value. do not do.

The present invention also provides a search method for data encrypted by the encryption method according to the present invention, wherein the encrypted data is searched based on the embedded metadata.
In order to achieve the above object, a data distribution system according to the present invention is a data distribution system in which data to be encrypted is encrypted by a transmission device and decrypted by a reception device, and the transmission device includes: Random number generation means for generating a random number sequence uniquely determined from input parameters, input parameter generation means for generating the input parameters based on metadata of the data to be encrypted, and data or encryption to be encrypted The metadata embedding means for embedding the metadata in the encrypted data to be encrypted, and the header and the metadata among the data to be encrypted using the random number sequence generated by the random number generating means Encryption means for encrypting the data main body, etc., and the receiving device includes the random number generation means and the encryption Metadata extraction means for extracting the metadata from the encrypted data to be encrypted, input parameter generation means for generating the input parameter based on the metadata extracted by the metadata extraction means, and the random number Decrypting means for decrypting a data body excluding a header and the metadata among the data to be encrypted that has been encrypted using the random number sequence generated by the generating means. Composed.

In the data distribution system according to the present invention, the input parameter is updated for each one or a plurality of units of the data to be encrypted, and the random number generation means is initialized.
In order to achieve the above object, an encryption apparatus according to the present invention is an encryption apparatus for encrypting data to be encrypted, and a random number generation means for generating a random number sequence uniquely determined from input parameters; Input parameter generation means for generating the input parameter based on the metadata of the data to be encrypted, and the metadata in the data to be encrypted or the data to be encrypted An embedding metadata embedding unit, an encrypting unit for encrypting a data body, excluding a header, the metadata, etc., among the data to be encrypted using the random number sequence generated by the random number generating unit; It is comprised so that it may comprise.

In the encryption apparatus according to the present invention, the input parameter is updated for each one or a plurality of units of the data to be encrypted, and the random number generation means is initialized.
In order to achieve the above object, the data storage / delivery device according to the present invention generates an input parameter based on metadata of data to be encrypted, and uses the random number sequence uniquely determined from the input parameter. Among the data to be encrypted, there is a storage unit for storing the encrypted data in which the metadata itself is encrypted and the data body is encrypted, excluding the header and the metadata. In accordance with a search request for the encrypted data having a desired condition from a client, the data storage / delivery device performs a search based on the metadata, and the encrypted data conforming to the search request is Configured to send to client.

  As described above, according to the encryption method, data distribution system, encryption device, and data storage / delivery device according to the present invention, the random number sequence generated by the random number generation means that generates the random number sequence uniquely determined from the input parameters When the data to be encrypted is encrypted, the input parameters are generated based on the metadata of the data to be encrypted, so that the data to be encrypted is effectively encrypted. be able to.

Hereinafter, embodiments of the present invention will be described with reference to the drawings.
FIG. 1 shows a configuration example of an image distribution system according to an embodiment of the present invention.
The image distribution system shown in FIG. 1 includes a camera 101, an image encoding device 102, an image storage / delivery device 104, an image decoding device 105, and a monitor 106. The image encoding device 102, image storage / distribution The device 104 and the image decoding device 105 are connected by a network 103 such as the Internet, for example.

  Here, the camera 101 is, for example, an NTSC TV camera, images a predetermined place, and outputs a video signal as an input image to the image encoding device 102. The image encoding device 102 compresses and encodes an input image from the connected camera 101 by, for example, an MPEG (Motion Picture Experts Group) method or a JPEG (Joint Photographic Expert Group) method, and further encodes image data. (Hereinafter referred to as encoded image data) is encrypted, and the encrypted encoded image data is output to the network 103.

  The image storage / delivery device 104 stores the encrypted encoded image data received from the network 103 in a disk device (a randomly accessible recording device for storing data) in the device, and further, for example, a client ( Based on a request from the image decoding apparatus 105), the encrypted encoded image data is distributed to the network 103.

  When receiving the encoded image data encrypted from the network 103, the image decoding device 105 performs encryption decoding and image decoding, and the decoded image data is connected to the monitor 106 connected to the image decoding device 105. Output to. The monitor 106 displays or reproduces the image that has been decrypted and decrypted.

  Here, in the image distribution system described above, for simplicity, it is assumed that one camera 101, one image encoding device 102, one image storage / distribution device 104, and one image decoding device 105 are installed. These numbers can be arbitrarily selected.

  In the image distribution system described above, the image decoding device 105 has been configured to receive encrypted image data from the image storage / distribution device 104. As another configuration example, the image decoding device 105 is illustrated. May be configured to receive encrypted image data directly from the image encoding device 102.

  Further, a device in which the functions of the camera 101 and the image encoding device 102 are integrated, a device in which the functions of the image encoding device 102 and the image storage / delivery device 104 are integrated, or the like may be used. The present invention is not limited to the above embodiment.

FIG. 2 shows a configuration example of an image encoding device according to an embodiment of the present invention.
The image encoding device 102 shown in FIG. 2 includes a camera interface unit 21, an image encoding unit 22, a metadata generation unit 23, an encryption unit 24, and a network interface unit 25.

  The camera interface unit 21 captures an input image from the camera 101 and outputs the input image to the image encoding unit 22. The image encoding unit 22 compresses and encodes the input image and outputs the encoded image data to the encryption unit 24.

  The metadata generation unit 23 includes attached information (hereinafter referred to as the ID number of the camera 101 that is the generation source of the encoded image data, the time stamp information of the encoded image data, the image frame number of the encoded image data). Are referred to as metadata) and output to the encryption unit 24.

  Here, the metadata generation unit 23 creates metadata based on one or a plurality of data. For example, the ID number of the camera 101 is generated based on the information from the camera interface unit 21, and the time stamp is generated based on the time when the encoded image data is generated by the image encoding unit 22. Various methods can be used for generating metadata, such as generating an image frame number based on counter information for counting frame numbers. In addition to the above-described metadata, for example, the metadata is installed to detect abnormalities in the imaging area such as an infrared sensor, an ultrasonic sensor, a smoke sensor, and a gas leak sensor installed in the imaging area of the camera 101. Data generated based on alarm information or the like obtained from the obtained sensor may be used.

  The encryption unit 24 reads the metadata corresponding to the encoded image data input from the image encoding unit 22 from the metadata generation unit 23, and generates a key stream used for the encryption process based on the metadata. (Details will be described later.) Encoded image data input from the image encoding unit 22 is encrypted using the generated key stream, and the encoded image data and corresponding metadata are encrypted. The data is output to the network interface unit 25.

The network interface unit 25 outputs the encrypted encoded image data input from the encryption unit 24 and the corresponding metadata to the network 103.
Next, an example of an encryption process performed by the encryption unit 24 which is a characteristic part of the present invention will be described with reference to FIGS. 3A to 6.

3A and 3B are diagrams showing the prior art of the present invention.
FIG. 3C is a diagram showing an embodiment of the encryption processing according to the present invention. FIG. 3D is a diagram showing an embodiment of the encryption / decryption processing according to the present invention.

  DES (Data Encryption Standard), AES (Advanced Encryption Standard), and the like are known as encryption algorithms used for encrypting contents such as image data and audio data. In the encryption unit 24 of this embodiment, The case where MUGI (Multi Giga cipher) published in the e-Government recommended cipher list is applied will be described.

  In this embodiment, as shown in FIG. 3C, the random number generator has a 128-bit encryption key K (secret key) and a 128-bit initial vector I (public parameter) as inputs. The random number generator initializes (resets) the internal state every time the encryption key K and the initial vector I are input, and generates a random number sequence (key stream) while repeating the state transition. Then, an encryption process for creating a ciphertext is performed by taking the exclusive OR of the key stream output from the random number generator and the plaintext for each bit.

  As will be described later, the encryption processing of this embodiment can encrypt a specific data area in one data frame. That is, the encryption processing of the present embodiment can realize a configuration in which both encrypted data (ciphertext) and non-encrypted data (plaintext) exist in one data frame.

In order to realize the data frame configuration as described above, the configuration shown in FIG. 3C may be used.
Further, although not shown in FIG. 3C, an encryption determination unit that specifies an encrypted data area and an unencrypted data area may be used. The data area determined to be encrypted by the encryption determining unit is encrypted by exclusive ORing with the key stream for each bit. Data areas other than the above are not encrypted because exclusive OR is not performed.

As a result, a data frame configuration including an encrypted area as shown in FIG.
Next, a configuration as shown in FIG. 3D may be used to decrypt a data frame containing encryption.

  Similarly to the above, although not shown in FIG. 3D, a decryption determination unit that specifies whether or not the data frame is encrypted may be used. The decryption determination unit identifies the encrypted data area, and the identified data area is exclusive-ORed with the key stream for each bit and decrypted. The data area that is not encrypted is not exclusive ORed.

As a result, a configuration of a data frame in which all plaintext is decrypted is realized.
A configuration other than the above embodiment may be used as long as it can encrypt / decrypt a predetermined data area.

  Here, the encryption unit 24 first reads the metadata corresponding to the encoded image data to be encrypted from the metadata generation unit 23, and generates the initial vector I described above based on the metadata.

  For example, as shown in FIG. 4A, as metadata of certain encoded image data, camera number “02”, shooting date “04.06.14”, shooting time “12:30:30”, image frame When the information of the number “03” is included, as shown in FIG. 4B, 16 bits (for example, “0” and “2” of the camera number “02” are respectively set from the camera number field of the metadata. This is expressed in 8 bits. The same applies to the shooting date, shooting time, and image frame number.), 48 bits from the shooting date field, 48 bits from the shooting time field, and 16 bits from the image frame number field. 23 generates a 128-bit initial vector I.

  Then, the encryption unit 24 generates a key stream from, for example, a preset encryption key K and the initial vector I described above. Here, since the generated key stream is uniquely determined by the combination of the encryption key K and the initial vector I, it is generated if the metadata used when generating the initial vector I is unique. The key stream to be used is unique, and the security risk of encryption can be avoided.

  In the example shown in FIG. 4, information such as a camera number, a shooting date, a shooting time, and an image frame number is used as metadata, and the information is an order of a camera number, a shooting date, a shooting time, and an image frame number. However, the method for generating the initial vector based on the metadata is not limited to this, and various methods may be used. That is, if the initial vector I is unique and the same key stream is not generated, it is arbitrary how the metadata generation unit 23 uses the metadata to generate the initial vector I.

  As for the initial vector generation method based on the metadata, for example, the transmission side (for example, the encryption unit 24 of the image encoding device 102) and the reception side (for example, the encryption / decryption of the image decoding device 105 described later) are preliminarily used. It is sufficient to set what has been decided in advance for both of the parts 64).

  Next, the encryption unit 24 generates encoded image data encrypted from the exclusive OR of the encoded image data input from the image encoding unit 22 and the key stream generated as described above. To do. Here, as the compression encoding method of the image encoding unit 22, various methods such as MPEG and JPEG can be applied. The present invention can be applied to any system having a data frame configuration in which metadata can be embedded.

  Here, an example of MPEG-4 will be described with reference to FIG. In MPEG-4, generally, a time series of video objects is called a VO (Video Object), each image constituting the VO is called a VOP (Video Object Plane), and a set of VOPs is a GOV (Group Of VOP). ).

FIG. 5A schematically shows an outline of the MPEG-4 stream configuration.
The actual MPEG-4 stream configuration is as defined in ISO / IEC 14496-2, but the outline is schematically shown in FIG. 5A. Video data is video object start VO (Video Object) header information area starting from code, videoobject layer start VOL (Video Object Layer) header information area starting with code, groupvop start GOV (Group of VOP) header information area starting with codes, which can be used by the user according to the application. start User data area starting with code, vop start It consists of VOPs starting with code (here called VOP code).

  The VOP is composed of a VOP code, information necessary for decoding the entire VOP (VOP header), MB (Macro Block) encoded information which is encoded information of the image body corresponding to the frame, and the like. As shown in FIG. 5A, the user data area is repeatedly followed by VOP.

  FIG. 5B shows a position where encryption is performed in the encryption processing according to an embodiment of the present invention in the MPEG-4 encoded image data. As shown in FIG. 5B, the encryption unit 24 encrypts only the MB encoded information of the MPEG-4 encoded image data.

  FIG. 5C shows a position where the metadata used in the encryption process according to the embodiment of the MPEG-4 encoded image data is embedded. For each GOV, the encryption unit 24 generates an initial vector I based on metadata corresponding to the GOV, encrypts the MB encoded information, and, as shown in FIG. The metadata used for generating the initial vector I is embedded in the user data area of the GOV of the stream -4, and the encrypted encoded image data is output to the network interface unit 25.

FIG. 6 shows an example of a processing procedure when encrypting MPEG-4 encoded image data according to an embodiment of the present invention.
First, when detecting a new GOV, the encryption unit 24 reads metadata corresponding to the GOV from the metadata generation unit 23, and embeds the read metadata in the user data area of the GOV (step S601).

Next, the encryption unit 24 generates an initial vector I-1 based on the metadata read from the metadata generation unit 23 (step S602).
The initial vector generation method is as described above. In the case of MPEG-4 encoded image data, the frame number and time stamp of the metadata correspond to, for example, the first VOP of the GOV. (The youngest frame number or the oldest time stamp among the VOPs constituting the GOV) is used.

Next, the encryption unit 24 resets the random number generator (step S603), and generates a key stream from the initial vector I-1 and a preset encryption key K (step S604). Then, encryption is performed by exclusive OR of the generated key stream and the MB encoded information of the MPEG-4 encoded image data (step S605). Thereafter, the encryption unit 24 detects the next GOV (for example, next, video object start Until the code is detected), encryption of the MB encoded information is repeatedly performed with the generated key stream (NO in step S606).

Here, for example, when a VOP code or the like is detected, the encryption can be performed only on the MB encoded information by skipping the encryption to the position of the next MB encoded information.
On the other hand, when the next GOV is detected (YES in step S606), the encryption unit 24 reads the metadata corresponding to the GOV from the metadata generation unit 23 in the same manner as described above, and based on the read metadata. The initial vector I-2 is generated, and thereafter, the MB encoded information of the GOV is encrypted using the new key stream generated using the initial vector I-2 (steps S601 to S605).

Hereinafter, when the next GOV is detected, the encryption unit 24 generates an initial vector In (n = 3, 4, 5,...), And performs the same encryption process as described above.
As described above, according to the processing procedure shown in FIG. 6, the initial vector I is updated for each GOV, and the random number generator is reset for each GOV, that is, for each frame of the image.

  According to the processing procedure shown in FIG. 6, the metadata is embedded in the encoded image data in step S601 before the encryption in step S605. The timing for embedding the metadata is the timing described above. For example, various timings such as embedding metadata after encryption may be used.

  Next, the image storage / delivery device 104 will be described. The image storage / delivery device 104 stores, for example, encoded image data (encrypted data) encrypted in the format shown in FIG. 5 (c), and encrypts it via the network 103 as required by the client. Distribution of digitized data.

  As described above, for example, in the case of MPEG-4 encoded image data, encryption is performed only on MB encoded information, and a VO header information area, a VOL header information area, a GOV header information area, a VOP Since information necessary for image search and distribution, such as codes and VOP headers, is not encrypted, the image storage / delivery device 104 can handle encrypted data in the same way as non-encrypted data.

  For this reason, for example, a non-encrypted camera and an encrypted camera in the same system, such as encrypting image data of a certain camera 101 and not encrypting image data of another camera 101. Coexistence is possible.

  In addition, as described above, in this embodiment, since encryption is not performed for the user data area in which metadata is embedded, a configuration in which metadata is embedded in the user data area is also used for non-encrypted data. For example, metadata can be used in common for both encrypted data and non-encrypted data such as image search.

  Thereby, for example, a client (decryption device, data terminal, etc.) can search encrypted data and non-encrypted data at a time using metadata. The retrieved encrypted data may be decrypted using a decryption device as necessary. In other words, a device (or user) that does not have a key to decrypt can retrieve encrypted data but cannot view the decrypted data.

  In the above, the configuration example in which only the MB encoded information is encrypted has been described. However, even the VOP header or the like may be appropriately encrypted except for the information necessary for image search and distribution. .

Next, the image decoding device 105 will be described. FIG. 7 shows a configuration example of an image decoding apparatus according to an embodiment of the present invention.
The image decryption apparatus 105 shown in FIG. 7 includes a network interface unit 71, an encryption / decryption unit 72, an image decryption unit 73, and a monitor interface unit 74.

  The network interface unit 71 receives the encoded image data encrypted from the network 103, and outputs the received encoded image data to the encryption / decryption unit 72.

The encryption / decryption unit 72 decrypts the encrypted encoded image data, and outputs the encoded image data to the image decoding unit 73.
The image decoding unit 73 decodes the encoded image data and outputs the decoded image data to the monitor interface unit 74.

  The monitor interface unit 74 outputs the decoded image data to the monitor 106. As the image decryption apparatus 105 operates as described above, the encrypted encoded image data is decrypted, and the image subjected to the decryption and the decryption of the image is displayed or reproduced on the monitor 106.

Here, an example of the operation of the encryption / decryption unit 72 will be described taking the case of MPEG-4 encoded image data as an example.
When receiving the encoded image data encrypted in the format shown in FIG. 5C from the network interface unit 71, the encryption / decryption unit 72 performs an encryption decoding process. That is, when the encryption / decryption unit 72 detects the GOV of the encrypted encoded image data, the encryption / decryption unit 72 extracts the metadata embedded in the user data area.

  Then, after the encryption / decryption unit 72 generates the initial vector I based on the extracted metadata and resets the random number generator, similarly to the processing of the encryption unit 24 of the image encoding device 27 described above, As shown in FIG. 3D, a key stream is generated from an initial vector I and a preset encryption key K.

Contrary to the encryption processing described above, the encryption of the MB encoded information is performed by exclusive OR of the generated key stream and the encrypted MB encoded information.
Thereafter, the encryption / decryption unit 72 performs the decryption of the MB encoded information encrypted with the generated key stream until the next GOV is detected. When the next GOV is detected, the encryption / decryption unit 72 newly extracts metadata in the user data area of the GOV, generates an initial vector from the metadata in the same manner as described above, and generates a key stream. Then, the subsequent decryption process is performed on the encrypted MB encoded information.

  In the image distribution system according to the present embodiment, the encryption key K needs to be shared between the image encoding device 102 and the image decoding device 105. In this case, for example, the encryption key K may be shared by a conventionally known method, such as a method of setting the encryption key K in advance at the time of system shipment or a method in which the system administrator sets the encryption key K during system operation. Is possible.

  As for the update of the encryption key K, for example, if the initial vector is 128 bits as described above, the same key stream is normally not generated during the product lifetime, and the encryption key K set initially is not generated. However, the system administrator or the like may set a new encryption key K as necessary.

  Further, even in a system including a plurality of image encoding devices 102 and a plurality of image decoding devices 105, if a unique initial vector is generated so as to avoid generation of the same key stream, the security of encryption is weak. Therefore, one encryption key K may be shared in the system.

  As described above, in the image distribution system according to the present embodiment, the image encoding device 102 encodes an input image from the camera 101 and generates metadata corresponding to the encoded image data. And means for encrypting the encoded image data. The means for encrypting the encoded image data generates an initial vector based on the metadata corresponding to the encoded image data to be encrypted. The key stream is generated from the encryption key and the initial vector, and the image data encoded by the key stream is encrypted.

  The means for encrypting the encoded image data updates the initial vector used for generating the key stream and resets the random number generator in units of images (for example, a plurality of frames of images).

  Therefore, in the image distribution system according to the present embodiment, by resetting the random number generator in units of images, it is possible to restore encryption synchronization in units of images even if packet loss occurs on the transmission path.

  Also, for example, by including the camera number, shooting date / time, and image frame number in the metadata in the initial vector, it is possible to generate a unique key stream in the system, and the key stream can be obtained without updating the encryption key. Can be avoided.

  Therefore, it is possible to avoid weakening of the security of encryption due to reuse of the key stream. In addition, since the data length in image units is generally longer than the data length of the packet, the initial vector update frequency is lower than in the conventional example, and the overhead of encryption and decryption associated with the initial vector update is reduced. be able to.

  Further, in the image distribution system according to the present embodiment, a unique key stream can be generated in the system using the initial vector updated in units of images, so that one encryption key can be shared in the system. Therefore, it is possible to construct a system with a single encryption key that does not require updating, and a reduction in system development cost can be expected.

  In addition, in the system, key management such as encryption key setting and key distribution accompanying encryption key update is simplified, and the burden of key management is reduced for the user. Therefore, an easy-to-use system can be provided. it can.

  Also, the encryption method according to the present embodiment can be applied to a multi-encoder corresponding to a plurality of types of codecs such as MPEG compression, JPEG compression, and audio compression. Also in this case, if the initial vector of each codec is set to a unique value based on the metadata, it is possible to generate a unique key stream for each codec even if the same encryption key is shared.

  Further, the image storage / delivery device 104 of the image distribution system according to the present embodiment stores the encrypted image data and metadata output from the image encoding device 102, and when searching for the encrypted image data, the metadata is stored in the metadata. By using the information or the like as a search key, it is possible to search for encrypted image data and to distribute the encrypted image data in an encrypted state.

In addition, since the image storage / delivery device 104 can handle the encrypted data in the same manner as the non-encrypted data, the non-encrypted camera and the encrypted camera can coexist in the same system.
Further, in the image distribution system according to the present embodiment, since the initial vector can be derived from the stream data, the additional bit for the initial vector by encryption becomes unnecessary, and the system bandwidth can be effectively used.

Further, since encryption is performed in the application layer, it is not necessary to change a lower layer accompanying encryption, and packet header compression can be applied.
In addition, since the existing system is not affected, the system can be easily introduced.

  In addition, since the image decoding apparatus 105 of the image distribution system according to the present embodiment generates a key stream using metadata embedded in the received encrypted encoded image data, If the metadata is tampered with, the decryption of the encryption will not be performed correctly. In other words, if there is no abnormality in the reproduced image, the metadata can be trusted, and the tampering can be confirmed at a glance.

  In this embodiment, for MPEG-4 encoded image data, when encrypting the MB encoded information of each GOV, an initial vector is generated based on the metadata of the GOV. As an example of the configuration, an initial vector may be generated on the basis of the metadata of the GOV before or after the GOV.

  However, if the initial vector is generated based on the metadata of each GOV itself, that is, if the encryption process is performed independently for each image frame, even if packet loss occurs in the transmission path, There is an effect that it is possible to minimize the influence of packet loss when performing decryption on the receiving side.

  Here, in the present embodiment, when MPEG-4 encoded image data is encrypted, the initial vector is updated for each GOV and the encryption is performed. However, as another configuration example, A configuration in which encryption is performed by updating the initial vector for each VOP may be used. Next, this will be described with reference to FIGS.

FIG. 8 shows an example of a processing procedure when encrypting MPEG-4 encoded image data according to an embodiment of the present invention by updating the initial vector for each VOP.
That is, when the encryption unit 24 first detects a new GOV, it reads the metadata corresponding to the GOV from the metadata generation unit 23 and embeds the read metadata in the user data area of the GOV (step S701). .

  Next, as shown in FIG. 9, the encryption unit 24 has metadata such as a camera number and a shooting date (FIG. 9A), and a VOP number assigned to each VOP (FIG. 9B). ), An initial vector I is generated as shown in FIG. 9C (step 702).

  Note that the VOP number is a kind of metadata and may be generated by the metadata generation unit 23 or may be generated by counting the number of VOPs by the encryption unit 24, for example.

  Next, the encryption unit 24 resets the random number generator (step S703), and generates a key stream from the initial vector I and a preset encryption key K (step S704).

  Then, encryption is performed by exclusive OR of the generated key stream and the MB encoded information of the VOP corresponding to the VOP number (step S705). Also, as shown in FIG. 10, the VOP number is embedded as an additional bit immediately after the VOP header (step S706).

  The position where the VOP number is embedded is not limited to the position immediately after the VOP header. For example, the position where the VOP number is embedded, such as an area for 1 byte after the VOP header, is set in advance on the transmission side and the reception side. It is sufficient to set what has been decided in advance for both parties.

  Further, as will be described later, since the VOP number needs to be used when decrypting the encryption of each VOP on the receiving side, the VOP number embedded in the stream is not encrypted.

  Thereafter, when the next GOV is not detected (NO in step S707), the encryption unit 24 uses the VOP number associated with the VOP (for example, a number increased by 1 from the VOP number of the previous VOP) and the above meta. Generate an initial vector I for each VOP from the data, reset the random number generator, generate a key stream from the initial vector I and a preset encryption key K, and correspond to the VOP number in the generated key stream Encryption processing for VOP MB encoded information and embedding of the VOP number are repeated (steps S702 to S706).

  On the other hand, when the next GOV is detected (YES in step S707), the metadata corresponding to the GOV is read from the metadata generation unit 23 as described above, and the VOP number and metadata associated with the VOP are read. The encryption process is similarly performed while updating the initial vector I for each VOP.

  In this embodiment, a configuration using a VOP number for generating the initial vector I in order to generate a unique initial vector I for each VOP and avoid reusing the key stream used for encryption of the previous VOP. However, information other than the VOP number may be used, and a unique initial vector I for each VOP may be obtained by various other methods such as changing the arrangement order of metadata when generating the initial vector I. May be configured to generate.

  In addition to the configuration in which the VOP number is embedded in the MPEG-4 stream as an additional bit as described above, for example, a unique initial vector I is generated for each VOP based on the unique information of each VOP included in the VOP. A configuration may be used.

  Next, an example of the operation in the image decoding apparatus 105 that has received MPEG-4 encoded image data that has been encrypted by updating the initial vector in units of VOP as described above will be described.

  When receiving the encoded image data encrypted in the format shown in FIG. 10 from the network interface unit 71, the encryption / decryption unit 72 of the image decoding apparatus 105 performs an encryption decoding process. That is, when the encryption / decryption unit 72 detects the GOV of the encrypted encoded image data, the encryption / decryption unit 72 extracts the metadata embedded in the user data area.

When detecting the VOP code, the encryption / decryption unit 72 extracts the VOP number embedded immediately after the VOP header as an additional bit.
Then, similar to the processing of the encryption unit 24 described above, after generating the initial vector I-1 based on the extracted metadata and the VOP number, resetting the random number generator, the initial vector I-1; A key stream is generated from the preset encryption key K.

Then, contrary to the above-described encryption processing, the encryption of the MB encoded information is decrypted by exclusive OR of the generated key stream and the encrypted MB encoded information.
Thereafter, when detecting the next VOP code, the encryption / decryption unit 72 extracts the VOP number embedded immediately after the VOP header as an additional bit, and obtains the initial vector I-2 based on the metadata and the VOP number. Generate.

  Then, after resetting the random number generator, a key stream is generated from the initial vector I-2 and the encryption key K set in advance, and the MB encoded information encrypted with the generated key stream Decrypt the cipher.

  When the next GOV is detected, metadata in the user data area of the GOV is newly extracted and the initial vector I is updated for each VOP using the VOP number in the same manner as described above. Decrypt.

  Thus, according to the processing procedure shown in FIG. 8, the random number generator is reset for each VOP, that is, for each frame of the image. Thereby, even when packet loss occurs on the network 103 and the random number generators on the transmission side and the reception side are out of synchronization, the random number generator can be synchronized from the decoding of the next VOP, Encryption synchronization can be restored in units of image frames.

  In this case, since the initial vector I is updated to a unique value for each VOP, a unique key stream can always be used, and reuse of the same key stream can be avoided.

  As another configuration example, a configuration may be used in which the random number generator is reset in units of VOPs and the initial vector I is updated in units of GOV. It goes without saying that the same key stream is generated for resetting the generator, which lowers the security of the encryption.

  In this example, since the VOP number is inserted as an additional bit into the stream, the data transmission efficiency is lowered accordingly. However, since the VOP number embedded in the stream can be extracted and used for decryption on the receiving side, even if a packet loss occurs on the network 103, the VOP number of the transmitting side and the receiving side There is no fear of loss of synchronization, and it is possible to always perform the decryption of the encryption correctly.

Next, an example of a configuration for encrypting JPEG encoded image data will be described with reference to FIG.
As shown in FIG. 11A, JPEG encoded image data includes single markers such as SOI (Start Of Image) and EOI (End Of Image), APP0 (Application type 0), and SOF 0 (Start Of Frame type 0). , SOS (Start Of Scan) and the like, and a marker segment composed of additional information, and a coding segment which is an image main body.

  Here, as illustrated in FIG. 11B, the encryption unit 24 performs encryption only on the encoded segment of the JPEG encoded image data. That is, when the SOI is detected, the encryption unit 24 reads the metadata corresponding to the image frame from the metadata generation unit 23, generates the initial vector I based on the metadata, resets the random number generator, A key stream is generated from the vector I and a preset encryption key K.

  Then, the encryption unit 24 performs encryption by exclusive OR of the generated key stream and the encoded segment. When the next SOI is detected, the encryption unit 24 similarly reads the corresponding metadata from the metadata generation unit 23, generates an initial vector I based on the metadata, and uses the new key stream to generate the encoded segment. Encrypt.

  Note that when the encryption unit 24 detects another marker or the like between the SOI of one image frame and the SOI of the next image frame, the encryption unit 24 skips encryption to the position of the next encoded segment. Only the encoded segment can be encrypted.

  Then, the encryption unit 24 embeds the metadata used for the encryption in the APP0 marker segment of the JPEG image and outputs it to the network interface unit 25 as shown in FIG.

  On the other hand, when receiving the encoded image data encrypted in the format shown in FIG. 11C, the image decoding apparatus 105 extracts the metadata embedded in the APP0 marker segment, and based on the metadata, the initial vector I Is generated.

  Then, the image decryption apparatus 105 generates a key stream from the initial vector I and a preset encryption key K, and, contrary to the encryption process described above, the key stream and the encoded segment The cipher is decrypted by the exclusive OR of.

  In the above-described configuration, it is assumed that the initial vector I is updated and the random number generator is reset for each frame of the JPEG image. However, when encoding JPEG encoded image data, for example, The initial vector I may be updated or the random number generator may be reset every plural frames such as every five frames.

  In this case, in the above-described configuration, for example, the initial vector I may be generated based on the metadata corresponding to the first frame among the five frames, or, for example, the initial vector I may be combined by combining the metadata for five frames. May be generated.

  Here, in the present embodiment, the configuration for encrypting the encoded image data in the MPEG-4 format or the JPEG format is shown. However, as another configuration example, the configuration and operation similar to the above are applied to other encoding formats. The present invention can be applied to the encryption of image data.

Also, the same configuration and operation as described above can be applied to encryption of stream data such as audio data other than image data.
In the image encoding apparatus 102 of this example, a random number generation unit is configured by the function of the encryption unit 24, and an input parameter generation unit is configured by the functions of the metadata generation unit 23 and the encryption unit 24. The metadata embedding unit is configured by the function of the encryption unit 24, and the encryption unit is configured by the function of the encryption unit 24.

  Further, in the image decryption apparatus 105 of this example, a random number generation unit is configured by the function of the encryption / decryption unit 72, and a metadata extraction unit is configured by the function of the encryption / decryption unit 72. An input parameter generation unit is configured by the function of the unit 72, and a decryption unit is configured by the function of the encryption / decryption unit 72.

  Here, the configurations of the image distribution system, the image encoding device, the image decoding device, and the like according to the present invention are not necessarily limited to those described above, and various configurations may be used. The present invention can also be provided as, for example, a method or method for executing the processing according to the present invention, a program for realizing such a method or method, or a recording medium for recording the program. It is also possible to provide various devices and systems.

  The application field of the present invention is not necessarily limited to the above-described fields, and the present invention can be applied to various fields. As an application example, in addition to the monitoring purpose, for example, it can be realized as a system such as a kindergarten athletic meet or a purpose of watching sports such as baseball.

  In addition, as various processes performed in the image distribution system, the image encoding device, the image decoding device, and the like according to the present invention, for example, in a hardware resource including a processor and a memory, the processor is stored in a ROM (Read Only Memory). A configuration controlled by executing a stored control program may be used, and for example, each functional unit for executing the processing may be configured as an independent hardware circuit.

  The present invention can also be understood as a computer-readable recording medium such as a floppy (registered trademark) disk or a CD (Compact Disc) -ROM storing the control program, and the program (itself). The processing according to the present invention can be performed by inputting the program from the recording medium to the computer and causing the processor to execute the program.

It is a figure which shows the structural example of the image delivery system which concerns on one Example of this invention. It is a figure which shows the structural example of the image coding apparatus which concerns on one Example of this invention. It is a figure which shows the structural example of an encryption process. It is a figure which shows the structural example of an encryption / decryption process. It is a figure which shows the structural example of the encryption process which concerns on one Example of this invention. It is a figure which shows the structural example of the encryption / decryption process which concerns on one Example of this invention. It is a figure for demonstrating an example of the production | generation method of the initial vector which concerns on one Example of this invention. It is a figure which shows the structural example of the encoding image data which concern on one Example of this invention. It is a figure for demonstrating an example of the procedure of the encryption process of the coding image data which concerns on one Example of this invention. It is a figure which shows the structural example of the image decoding apparatus which concerns on one Example of this invention. It is a figure for demonstrating an example of the procedure of the encryption process of the coding image data which concerns on one Example of this invention. It is a figure for demonstrating an example of the production | generation method of the initial vector which concerns on one Example of this invention. It is a figure which shows the structural example of the encoding image data which concern on one Example of this invention. It is a figure which shows the structural example of the encoding image data which concern on one Example of this invention.

Explanation of symbols

101: Camera, 102: Image encoding device, 103: Network, 104: Image storage / delivery device, 105: Image decoding device, 106: Monitor

Claims (11)

An encryption method for encrypting data to be encrypted using a random number sequence generated by random number generation means for generating a random number sequence uniquely determined from input parameters,
An encryption method, wherein the input parameter is generated based on metadata of data to be encrypted. The encryption method according to claim 1,
The metadata is embedded in the data to be encrypted or the data to be encrypted that has been encrypted,
An encryption method, wherein when decrypting the encrypted data to be encrypted, the input parameter is generated based on the embedded metadata. The encryption method according to claim 2, wherein
An encryption method comprising: encrypting a data body excluding a header and the metadata among the data to be encrypted. The encryption method according to any one of claims 1 to 3,
An encryption method, wherein the input parameter is updated every one or a plurality of units of the data to be encrypted, and the random number generation means is initialized. The encryption method according to claim 4, wherein
The input parameter consists of an initial vector and an encryption key,
The initial vector is generated based on the metadata,
The encryption method, wherein the encryption key is not updated from a preset one. A method for retrieving data encrypted by the encryption method according to claim 3, comprising:
A search method, wherein the encrypted data is searched based on the embedded metadata. A data distribution system in which data to be encrypted is encrypted by a transmission device and decrypted by a reception device,
The transmission device includes a random number generation means for generating a random number sequence uniquely determined from input parameters;
Input parameter generation means for generating the input parameter based on metadata of the data to be encrypted;
Metadata embedding means for embedding the metadata in the data to be encrypted or the encrypted data to be encrypted;
An encryption unit that encrypts a data body excluding a header, the metadata, etc., among the data to be encrypted using the random number sequence generated by the random number generation unit,
The receiving device includes the random number generation means,
Metadata extraction means for extracting the metadata from the encrypted data to be encrypted;
Input parameter generation means for generating the input parameter based on the metadata extracted by the metadata extraction means;
Decrypting means for decrypting a data body excluding a header and the metadata among the data to be encrypted that is encrypted using the random number sequence generated by the random number generating means, The
A data distribution system characterized by that. The data distribution system according to claim 7, wherein
A data distribution system, wherein the input parameter is updated every one or a plurality of units of the data to be encrypted, and the random number generation means is initialized. An encryption device that encrypts data to be encrypted,
Random number generation means for generating a random number sequence uniquely determined from input parameters;
Input parameter generation means for generating the input parameter based on metadata of the data to be encrypted;
Metadata embedding means for embedding the metadata in the data to be encrypted or the encrypted data to be encrypted;
An encryption unit that encrypts a data main body, excluding a header, the metadata, etc., among the data to be encrypted using the random number sequence generated by the random number generation unit;
An encryption device characterized by that. The encryption device according to claim 9, wherein
An encryption apparatus, wherein the input parameter is updated for each one or a plurality of units of the data to be encrypted, and the random number generation means is initialized. Data that generates input parameters based on metadata of data to be encrypted, and excludes headers, metadata, etc. from the data to be encrypted using a random number sequence that is uniquely determined from the input parameters A data storage / delivery device having encrypted data obtained by encrypting a main body and having a storage unit for storing the encrypted data in which the metadata is embedded,
A search based on the metadata is performed in response to a search request for the encrypted data having a desired condition from a client, and the encrypted data conforming to the search request is transmitted to the client. Data storage and delivery device.

Images