JP2010251877A - Signature device - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To overcome the problems that the signature processing time and the signature verification time take a time by times of the number of hierarchies compared with non hierarchical data, and relationship between hierarchies can not be verified, i.e. assurance of authenticity is difficult for the whole video data, if data are signed for every hierarchical data in hierarchically encoded video image data. <P>SOLUTION: A signature device calculates a hash value for each of hierarchical data constituting hierarchically encoded video image data. By repeating processing for combining a plurality of calculated hash values to two in hierarchical order of hierarchical data to calculate a hash value, the device calculates one hash value for the video image data. Based on the one hash value, the device generates signature information. Then, the device generates a second signature information for the video image data so as to include the signature information and each hash value combined until the one hash value is calculated. <P>COPYRIGHT: (C)2011,JPO&INPIT

Description

  The present invention relates to a technique for generating a signature from hierarchically encoded data and verifying the generated signature.

  In a video surveillance system in which a surveillance camera is installed in an area to be monitored, video captured by the surveillance camera is transmitted to a surveillance center such as a security company through a network, and remote locations are collectively monitored, surveillance video (for example, JPEG Are stored in a video recording apparatus installed in a monitoring center or the like for a long period of time, but application of a digital signature is desired in order to ensure evidence of the stored video.

  On the other hand, for the purpose of effective use of the transmission band, codecs that generate high-definition images for large screens and low bit-rate images for mobile phones with a single encoding process have recently appeared on the market using hierarchical encoding technology. ing. Hierarchically encoded video data is composed of data consisting of multiple layers such as low resolution data, medium resolution data, and high resolution data, and low resolution video is reproduced from low resolution data that is a lower layer. The medium resolution video is reproduced from the low resolution data and the medium resolution data which is the middle hierarchy, and the high resolution video is reproduced from the low resolution data, the middle resolution data and the high resolution data which is the upper hierarchy.

  In video applications that employ hierarchical coding technology, in order to make effective use of the storage capacity of the video recording device, new video of the recorded video is stored with high image quality, and the higher-level data is sequentially stored as the storage period increases. There is a need to save old videos with low image quality by erasing them.

  In this way, when deleting the upper layer data of the video data, as a signature technique for guaranteeing the authenticity of the remaining data, for example, a technique described in Patent Document 1 may be used to sign each layer data. Conceivable.

JP 2008-178048 A

  However, when the signature is performed for each hierarchical data, the signature processing time and the signature verification time are multiplied by the number of layers compared to the case where the hierarchical data is not hierarchized. Further, since the signature generation processing and signature verification processing are performed independently between layers, it is not possible to verify the relationship between layers such that certain high layer data is an upper layer of some low layer data. That is, there is a problem that it is difficult to guarantee authenticity as video data composed of a plurality of hierarchical data.

  SUMMARY OF THE INVENTION Accordingly, an object of the present invention is to solve the above-described problems and to provide a signature device that can guarantee the authenticity of video data even when hierarchically encoded data is deleted.

  In order to solve the above problems, the present invention provides a signature device that generates signature information for hierarchically encoded video data, each of the hierarchical data constituting each hierarchy of the hierarchically encoded video data. One hash value for the video data by repeating a hash value calculation means for calculating a hash value for the video data and a process for calculating the hash value by combining two of the calculated hash values in the hierarchical order of the hierarchical data A second hash value calculating means for calculating the signature information, a signature information generating means for generating signature information based on the one hash value, the signature information for the hierarchically encoded video data, and the one Second signature information generating means for generating second signature information including each hash value combined until a hash value is calculated. To propose a signature device to butterflies.

  As a result, even if a part of the hierarchical data is deleted in an apparatus for recording and reproducing the signed video data with the second signature information generated by the signature apparatus of the present invention, the video It is possible to verify the signature to ensure the authenticity of the data.

  As described above, according to the present invention, since the hash value combined with the hash value of the hierarchical data constituting each hierarchy is included in the second signature information, a part of the hierarchical data is deleted. In addition, the signature can be verified using the hash value of the deleted hierarchical data included in the signature. Also, since the calculated one hash value is one hash value for video data composed of a plurality of hierarchical data, the authenticity as video data can be ensured.

  In addition, since a signature is generated for video data composed of a plurality of hierarchical data, the signature generation processing and signature verification processing can be speeded up as compared with the case where a signature is generated for each layer.

  Furthermore, for example, when calculating one hash value for video data, by repeating the process of calculating the hash value by combining two hash values calculated from the hierarchical data in the hierarchical order of the hierarchical data, the upper hierarchical data is The collected hash values can be included in the signature, and the signature verification process when deleting hierarchical data can be speeded up.

  That is, according to the present invention, it is possible to provide an efficient signature method that can cope with data deletion in hierarchically encoded data and can guarantee the authenticity of video data.

It is a figure which shows the structural example of a video signature system. 2 is a diagram illustrating a configuration example of a signature device 105. FIG. 2 is a block diagram illustrating a configuration example of a signature device 105. FIG. 2 is a diagram illustrating a configuration example of a verification device 106. FIG. 3 is a block diagram illustrating a configuration example of a verification device 106. FIG. 6 is a diagram illustrating specific processing in a signature processing unit 212 of the signature device 105. FIG. It is a figure which shows the specific example of the video data with a signature produced | generated by the signature apparatus. 6 is a diagram illustrating specific processing in a signature verification unit 412 of the verification device 106. FIG. 6 is a diagram illustrating specific processing in a signature processing unit 212 of the signature device 105. FIG. 2 is a diagram illustrating a configuration example of a signature device 105. FIG. 6 is a diagram illustrating specific processing in a random number acquisition unit 217 and binary tree generation unit 218 of the signature device 105. FIG.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings. In the drawings referred to in the following description, the same parts as those in the other drawings are denoted by the same reference numerals.

(Embodiment 1)
(Configuration of video signature system)
FIG. 1 is a diagram showing a configuration example of a video signature system using a signature device according to the present invention. The video signature system shown in FIG. 1 includes video generation devices 101a and 101b, an encoder 102, a recording device 103, a display device 104, a signature device 105, and a verification device 106.

  The video generation device 101 a, the encoder 102, the recording device 103, the display device 104, and the signature device 105 are configured to be able to transmit / receive information to / from each other via the network 110. In the present embodiment, the verification device 106 is not connected to the network 110, but may be connected to the network 110.

  The video generated by the video generation devices 101 a and 101 b is transmitted as video data to the recording device 103 after necessary processing is performed by the encoder 102. The recording device 103 records and holds the transmitted video data, and transmits it to the display device 104 and other recording devices (not shown) as necessary. In addition, the signature device 105 performs a process of generating a signature for the video data and adding the signature to the video data. The verification device 106 performs processing for verifying the signature attached to the signed video data. Hereinafter, each device will be described in detail.

(Configuration of video generation device)
The video generation devices 101a and 101b are configured by a camera or the like including an image sensor, and have a video processing unit (not shown) that converts input light into an electrical signal to generate video data. In addition, the video generation devices 101a and 101b store video data in a storage unit (not shown) within the video generation devices 101a and 101b, and requests from at least one of the other video generation devices, the recording device 103, and the display device 104, or The video generation apparatuses 101 a and 101 b have a distribution function of distributing to at least one of the video generation apparatus, the recording apparatus 103, and the display apparatus 104 via the network 110 based on the determination of the video generation apparatuses 101 a and 101 b themselves. Here, the judgment of the video generation apparatuses 101a and 101b itself refers to, for example, a case where a moving object is detected based on a difference of captured video data.

(Encoder configuration)
The encoder 102 has a function of converting the video data generated by the video generation apparatuses 101a and 101b into a format suitable for network transmission. For example, when the video data is an analog video signal, conversion processing to a digital video signal is performed, or compression processing is performed according to the transmission band of the network. Note that the video generation apparatus 101a includes an encoder 102 therein.

  The encoder 102 performs hierarchical encoding processing of video data. Specifically, the video data is data composed of a plurality of layers such as low resolution data, medium resolution data, and high resolution data according to the resolution.

  In the present embodiment, the video generation apparatus 101b and the encoder 102 have been described as separate apparatuses, but these may be realized in the same apparatus (housing).

(Configuration of recording device)
The recording device 103 receives video data distributed by the video generation devices 101a and 101b or other recording devices (not shown) and stores them in a storage unit (not shown) within itself. (Not shown).

  The storage control unit of the recording apparatus 103 performs control to arbitrarily extract one or more video data from a plurality of received video data and store them in the storage unit (hereinafter referred to as “extract storage”). Is also possible. The video data not extracted is not stored in the storage unit but discarded. When performing excerpt saving, the number of video data to be excerpt saved may be set so that the recording apparatus 103 accepts external settings, or the video apparatus 101a, 101b determines what is determined by the recording apparatus. 103 may be set.

  In addition, the storage control unit of the recording apparatus 103 can arbitrarily delete one or more hierarchical data from the received video data and store it in the storage unit. The deleted hierarchical data is not stored in the storage unit but is discarded. When deleting hierarchy data, the hierarchy to be deleted may be set to accept external settings in the recording apparatus 103, or determined in the video generation apparatuses 101a and 101b and set in the recording apparatus 103. It may come to be.

  In addition, the recording device 103 transmits video data to the other recording device or display device 104 via the network 110 according to a video request from at least one of the other recording device and the display device 104 or based on the determination of the recording device 103 itself. It also has a distribution function to distribute to

(Configuration of display device)
The display device 104 includes a display processing unit (not shown) that controls processing for receiving and displaying video data from the recording device 103. In addition, the display processing unit can arbitrarily extract at least one of the received video data and store it in its own storage unit (not shown). Video data that has not been extracted is discarded. When excerpt saving is performed, the number of video data to be excavated and saved may be set so that the display device 104 accepts external settings, or is determined by the video generating devices 101a and 101b or the recording device 103. The display device 104 may be set.

  The display processing unit can arbitrarily delete at least one hierarchical data from the received video data and save it in the storage unit. The deleted hierarchical data is discarded. When deleting the hierarchy data, the hierarchy of the data to be deleted may be received from the outside by the display device 104, or determined and displayed by the video generation devices 101a, 101b or the recording device 103. It may be set in the device 104.

(Configuration of signature device)
The signature device 105 performs processing for generating a signature for the hierarchically encoded video data and adding the signature to the video data. FIG. 2 is a diagram illustrating a configuration example of the signature device according to the present embodiment. The signature device 105 includes a control unit 210, a storage unit 220, a transmission / reception unit 230, an input unit 240, and an output unit 250. The control unit 210 includes an overall control unit 211 and a signature processing unit 212. The storage unit 220 includes a video data storage unit 221 and a signed data storage unit 222.

  The overall control unit 211 has a function of controlling the entire processing in the signature device 105. Also, the video data storage unit 221 stores a plurality of video data captured by the video generation apparatuses 101a and 101b and converted into a predetermined data format. The signature processing unit 212 generates signed video data by adding a signature to the video data stored in the video data storage unit 221. The generated signed video data is stored in the signed data storage unit 222. The input unit 240 has a function of accepting input of information such as user input from the outside. The output unit 250 has a function of outputting information to the outside. The transmission / reception unit 230 is an interface for performing transmission / reception of information via a network.

  The signature processing unit 212 includes a hash value calculation unit 213, a second hash value calculation unit 214, a signature information generation unit 215, and a second signature information generation unit 216. Details of processing in each of these units will be described later.

(Specific configuration of the signature device)
Here, a more specific configuration of the signature device 105 will be described. FIG. 3 is a block diagram illustrating a configuration example of the signature device 105. As shown in FIG. 3, the signature device 105 includes a CPU (Central
Processing Unit) 301, nonvolatile storage device 302, RAM 303, network interface 304, and the like.

  The non-volatile storage device 302 holds an overall control program 310 and a signature processing program 320. The signature processing program 320 includes a hash value calculation module 321, a second hash value calculation module 322, a signature information generation module 323, and a second signature information generation module 324.

  The overall control program 310 and the signature processing program 320 are programs for realizing the overall control unit 211 and the signature processing unit 212 in FIG. 1, respectively. Also, the hash value calculation module 321, the second hash value calculation module 322, the signature information generation module 323, and the second signature information generation module 324 are respectively a hash value calculation unit 213, a second hash value calculation unit 214, and a signature information generation. This is a module for realizing the unit 215 and the second signature information generation unit 216.

  In such a configuration, the programs 310 and 320 and the modules 321, 322, 323, and 324 stored in the non-volatile storage device 302 are expanded using the RAM 303 as a work area as necessary. Various processes are performed by executing the above.

  The nonvolatile storage device 302 also stores a signature key used for calculating a signature value by the signature information generation module 323. Here, the signature key is specifically a public key in a public key cryptosystem, for example.

  When the video data is received by the network interface 304 that implements the transmission / reception unit 230, the video data is stored in the RAM 303 or the nonvolatile storage device 302. That is, the RAM 303 and the nonvolatile storage device 302 at this time realize the video data storage unit 221.

  The network interface 304 is a communication interface for connecting to the video generation device 101a, the encoder 102, the recording device 103, the display device 104, and the like via the network 110 in a wired or wireless manner. Specifically, it is an interface for performing communication by optical fiber, coaxial cable, radio, or the like.

(Configuration of verification device)
Returning to FIG. 2, the verification device 106 performs processing for verifying the signature attached to the signed video data by the signature device 105. FIG. 4 is a diagram illustrating a configuration example of the verification apparatus. The verification device 106 includes a control unit 410, a storage unit 420, an input unit 430, and an output unit 440. In addition, the control unit 410 includes an overall control unit 411 and a signature verification unit 412. The storage unit 420 includes a signed data storage unit 421.

  The overall control unit 411 has a function of controlling the entire processing in the verification device 106. The signed data storage unit 421 stores signed video data generated by the signature device 105. The signature verification unit 412 performs processing for verifying the signed video data stored in the signed data storage unit 421. The input unit 430 has a function of accepting input of external information such as signed video data and user input. The output unit 440 has a function of outputting information to the outside. Details of processing in the signature verification unit 412 will be described later.

(Specific configuration of verification device)
Here, a more specific configuration of the verification apparatus 106 will be described. FIG. 5 is a block diagram illustrating a configuration example of the verification device 106. As illustrated in FIG. 5, the verification device 106 includes a CPU 501, a nonvolatile storage device 502, a RAM 503, and the like.

  The non-volatile storage device 502 holds an overall control program 510 and a signature verification program 520. The overall control program 510 and the signature verification program 520 are programs for realizing the overall control unit 411 and the signature verification unit 412 in FIG. 4, respectively.

  In such a configuration, each program 510, 520 stored in the nonvolatile storage device 502 is expanded using the RAM 503 as a work area as necessary, and these are executed by the CPU 501, thereby performing various processes. Done.

  The non-volatile storage device 502 also stores a verification key used for calculating a signature value by the signature verification program 520.

  When the signed video data is received by the input unit 430, the signed video data is stored in the RAM 503 or the nonvolatile storage device 502. In other words, the RAM 503 and the nonvolatile storage device 502 at this time realize the signed video data storage unit 421.

  Here, any of the video generation apparatus 101a, the encoder 102, the recording apparatus 103, and the display apparatus 104 described above may include a signature apparatus 105 therein. Thus, the signed video data generated by at least one of the video generation device 101a, the encoder 102, the recording device 103, and the display device 104 is converted into at least one of the video generation device 101a, the encoder 102, the recording device 103, and the display device 104. The authenticity of the video data can be proved by exchanging and storing the extracted video data in one apparatus and verifying the signed video data extracted and stored by the verification apparatus 106.

  In addition, a part of the hierarchical data can be deleted from the signed video data generated by at least one of the video generation device 101a, the encoder 102, the recording device 103, and the display device 104. That is, the hierarchical data is deleted and stored in at least one of the video generation device 101a, the encoder 102, the recording device 103, the display device 104, and the signature device 105, and the stored signed video data is verified. By verifying at 106, the authenticity of the video data can be proved.

(Signature device operation)
6 and 7 are diagrams for explaining a specific example of processing in the signature processing unit 212 of the signature device 105. 6 and 7 show a case where signed video data is generated for _four video data M ₁ , M ₂ , M ₃ , and M ₄ encoded in three layers of low resolution, medium resolution, and high resolution. Show. Here, a case will be described in which a hash tree structure is used in which two hash values calculated from each video data are concatenated to further calculate a hash value.

First, as shown in FIG. 6, in the hash value calculation unit 213, for each video data M _i stored in the video data storage unit 221 (i = 1, 2, 3, 4, and so on), the low resolution Hash values h ₀ ⁱ , h ₁ ⁱ , and h ₂ ⁱ of data i, medium resolution data i, and high resolution data ⁱ are calculated.

Next, the second hash value calculation unit 214 generates a concatenated value for each video data by concatenating two hash values h ₀ ⁱ , h ₁ ⁱ , and h ₂ ⁱ of each layer data in order from the upper layer. Then, by repeating the process of calculating the hash value for this concatenated value, one hash value h ₀₁₂ ⁱ is calculated.

Next, the signature information generation unit 215 generates a signature value σ _i using a signature key from one hash value h ₀₁₂ ⁱ generated for each video data M _i .

Then, in the second signature information generation unit 216, a hash value h _{2 i} coupled to the hash value of the medium resolution data i and the low resolution data i to the signature value sigma _i generated for each video data M ^_i, h ₁₂ ⁱ Is added to the signature data S _i of M _i . FIG. 7A is a diagram showing signed video data generated for video data M ₁ when i = 1.

As described above, the signature device 105 generates signature data S ₁ ,..., S _k from the video data M ₁ ,..., M _k (k is a positive integer).

The video generation apparatus 101a, the encoder 102, recording device 103, display device 104 or the signature device 105, the video data _M 1, · · ·, in the case of extraction and storage of only some of the video data from the _{M k} is any natural number j of the (j = 1, ···, k ) is selected, and the video data _{M j} corresponding to the j, to save the signature data _{S j} corresponding to the video data _{M j,} as a signed video data.

The video generation apparatus 101a, an encoder 102, a recording device 103, to save and delete the data of the upper hierarchy of the hierarchical data of the video data _{M k} in the display device 104 or the signature device 105, the video data _{M k} remove the hierarchical data to be deleted included in, saving the remaining hierarchical data contained in M _k and the signature data S _k, as signed video data. For example, FIG. 7B shows a case where high resolution data is deleted, and FIG. 7C shows a case where high resolution data and medium resolution data are deleted and only the lowest layer exists. . If the lowest layer data is deleted, the video data cannot be reproduced.

(Operation of the verification device)
Next, a specific example of processing in the signature verification unit 412 of the verification apparatus 106 will be described with reference to FIG. Here, a case where the signature data S ₁ generated from the video data M ₁ shown in FIG. 7 is verified will be described as an example. 8A shows a case where all the three hierarchical data of M ₁ are prepared (corresponding to FIG. 7A), and FIG. 8B shows the highest hierarchy of each hierarchical data of M _1. when is removed (corresponding to FIG. 7 (b)), FIG. 8 (c), the upper layer of each hierarchy data M ₁ is removed, if only the lowest layer is present (FIG. 7 (c) The signature verification method is shown below. Each example will be described below.

First, FIG. 8 (a) illustrates a signature verification method in which the hierarchical data of M ₁ is aligned Level 3 all. First, the signature verification unit 412 extracts the video data M ₁ from signed video data. Then, the signature verification unit 412 calculates a hash value ^{_{h 0 1, h 1 1,}} h 2 1 of the hierarchical data of the video data _{M 1,} these hash values ^{_{h 0 1, h 1 1,}} h 2 1 The process of generating a concatenated value and calculating a hash value by concatenating two in order from the hash value of the upper layer is repeated. As a result, one hash value h ₀₁₂ ¹ is finally calculated.

Then, the signature verification unit 412 calculates a verification value using the verification key from the signature value σ ₁ included in the signed video data. Then, if the calculated hash value h ₀₁₂ ¹ matches the calculated verification value, the signature verification unit 412 determines that the authenticity of the video data M ₁ has been verified.

Next, FIG. 8B shows a signature verification method when the high-resolution data 1 is deleted from the hierarchical data of M ₁ . First, the signature verification unit 412 extracts the video data M ₁ from signed video data. Next, the signature verification unit 412 calculates hash values h ₀ ¹ and h ₁ ¹ for the low resolution data 1 and the medium resolution data 1 of the video data M ₁ , respectively. Since the high-resolution data 1 is deleted, the hash value h ₂ ¹ of the high-resolution data 1 included in the signed video data is used, and h ₀ ¹ , h ₁ ¹ , and h ₂ ¹ are higher. A process of generating a concatenated value and calculating a hash value by repeating two concatenations in order from the hash value of the hierarchy is repeated. As a result, one hash value h ₀₁₂ ¹ is finally calculated.

Then, the signature verification unit 412 calculates a verification value using the verification key from the signature value σ ₁ included in the signed video data. Then, if the calculated hash value h ₀₁₂ ¹ matches the calculated verification value, the signature verification unit 412 determines that the authenticity of the video data M ₁ has been verified.

Next, FIG. 8C shows a signature when the high-resolution data 1 and the medium-resolution data 1 are deleted from the hierarchical data of M ₁ and only the low-resolution data 1 that is the data of the lowest hierarchy exists. The verification method is shown. First, the signature verification unit 412 extracts the video data M ₁ from signed video data. Next, the signature verification unit 412 calculates a hash value h ₀ ¹ of the low resolution data 1 of the video data M ₁ . Since the high resolution data 1 and the medium resolution data 1 are deleted, the hash value h ₁₂ ¹ included in the signed video data is a hash value concatenated with the hash value of the low resolution data ^1. To generate a concatenated value by concatenating h ₀ ¹ and h ₁₂ ¹ to calculate a hash value. Thereby, one hash value h ₀₁₂ ¹ can be calculated.

Then, the signature verification unit 412 calculates a verification value using the verification key from the signature value σ ₁ included in the signed video data. Then, if the calculated hash value h ₀₁₂ ¹ matches the calculated verification value, the signature verification unit 412 determines that the authenticity of the video data M ₁ has been verified.

(Embodiment 2)
The video signature system using the signature device according to the present embodiment is characterized in that the signature device 105 generates a signature value σ for one video information including a plurality of hierarchically encoded video data. That is, in the signature generation method described with reference to FIG. 6, the signature value σ is generated for each video data. However, the present embodiment is characterized in that the signature value σ is generated for each video information.

  The configurations of the video signature system, the signature device 105, and the verification device 106 according to the present embodiment are the same as the configurations of the video signature system, the signature device 105, and the verification device 106, respectively, according to the first embodiment.

  Hereinafter, the processing in the signature processing unit 212 of the signature device 105 and the processing in the signature verification unit 412 of the verification device 106 which are characteristic points of the present embodiment will be described in detail.

(Signature device operation)
FIG. 9 is a diagram illustrating a specific example of processing in the signature processing unit 212 of the signature device 105 according to the present embodiment. In the example of FIG. 9, as with the signature device 105 of the first embodiment, signed video data for four video data M ₁ , M ₂ , M ₃ , and M ₄ that are hierarchically encoded in three layers is generated. In the case of the signature device 105 of this embodiment, after generating one hash value for each video data, the signature value σ is not generated for each video data, but four video data M ₁ , M ₂ , M ₃ , a signature value σ is generated for the video information A composed of M ₄ .

In the signature generation method shown in FIG. 9, the hash value calculation unit 213 and the second hash value calculation unit 214 use the hash value h ₀ of the low resolution data i, the medium resolution data i, and the high resolution data i for each video data M _i. ^The steps up to calculating ⁱ , h ₁ ⁱ , and h ₂ ⁱ and concatenating them to calculate one hash value h ₀₁₂ ⁱ are the same as those in the signature generation method in the signature apparatus 105 of the first embodiment (FIG. 6). Signing device 105 of this embodiment, after this, further, the signature information generation unit 215, hash and connects the video data _{M 1} and the hash value calculated for _{M 2 h 012} ¹ and _{h 012} ² value _{h 012} ¹² is calculated, and the hash values h ₀₁₂ ³ and h ₀₁₂ ⁴ calculated for the video data M ₃ and M ₄ are concatenated to calculate the hash value h ₀₁₂ ³⁴ . Further, the two hash values h ₀₁₂ ¹² and h ₀₁₂ ³⁴ are connected to calculate one hash value h ₀₁₂ ¹²³⁴ . Then, a signature value σ is generated for the one hash value h ₀₁₂ ¹²³⁴ using a signature key.

When the second signature information generation unit 216 generates the signature data S _i of the video data M _i , the hash value h ₂ connected to the signature value σ, the hash value of the medium resolution data i, and the low resolution data i. ^In addition to ⁱ and h ₁₂ ⁱ , the hash value h ₀₁₂ ^p connected until the calculation of h ₀₁₂ ¹²³⁴ , which is one hash value for the video information A (if i is an odd number, p = i + 1, i is P = i−1) for an even number and hash value h ₀₁₂ ^{p (p + 1)} (p = 3 for i = 1 or i = 2, p for i = 3 or i = 4) = 1) is included in the signature data S _i of the video data M _i .

As described above, the signature device 105, the video data _M 1, · · ·, signed from _{M k} data _S 1, · · ·, to generate the _{S k.}

The image generating apparatus 101a, an encoder 102, a recording device 103, the video data _M 1 in the display device 104 or the signature device 105, ..., in the case of extraction and storage of only some of the video data from the _{M k} is any select natural number j, and the video data M _j corresponding to j, it stores the signature data S _j corresponding to the video data M _j, as signed video data.

The video generation apparatus 101a, an encoder 102, a recording device 103, to save and delete the data of the upper hierarchy of the hierarchical data of the video data _{M k} in the display device 104 or the signature device 105, the video data _{M k} remove the hierarchical data to be deleted included in, saving the remaining hierarchical data contained in M _k and the signature data S _k, as signed video data. If the lowest layer data is deleted, the video data cannot be reproduced.

(Operation of the verification device)
Next, processing in the signature verification unit 412 of the verification apparatus 106 according to the present embodiment will be described. Here, the case of verifying the signature data S ₁ generated from the video data M _1.

First, a description will be given signature verification method in which the hierarchical data of M ₁ is aligned Level 3 all. First, the signature verification unit 412 extracts the video data M ₁ from signed video data. Then, the signature verification unit 412 calculates a hash value ^{_{h 0 1, h 1 1,}} h 2 1 of the hierarchical data of the video data _{M 1,} these hash values ^{_{h 0 1, h 1 1,}} h 2 1 The process of generating a concatenated value and calculating a hash value by concatenating two in order from the hash value of the upper layer is repeated. Thereby, one hash value h ₀₁₂ ¹ is calculated.

Furthermore, the hash value _{h 012} ^1, concatenates the hash values _{h 012} ² included in the signature data _{S 1,} the hash value _h ^{012 12} calculated from this concatenated value, it is included in the signature data _{S 1} The hash value h ₀₁₂ ³⁴ is concatenated, and the hash value h ₀₁₂ ¹²³⁴ is calculated from the concatenated value.

Then, the signature verification unit 412 calculates a verification value using the verification key from the signature value σ included in the signed video data. If the calculated hash value h ₀₁₂ ¹²³⁴ matches the calculated verification value, the signature verification unit 412 determines that the authenticity of the video data M ₁ has been verified.

Next, a signature verification method when the high-resolution data 1 is deleted from each hierarchical data of M ₁ will be described. First, the signature verification unit 412 extracts the video data M ₁ from signed video data. Next, the signature verification unit 412 calculates hash values h ₀ ¹ and h ₁ ¹ for the low resolution data 1 and the medium resolution data 1 of the video data M ₁ , respectively. Since the high-resolution data 1 is deleted, h ₀ ¹ , h ₁ ¹ , and h ₂ ¹ are converted to higher ranks using the hash value h ₂ ¹ of the high-resolution data 1 included in the signed video data. A process of generating a concatenated value and calculating a hash value by repeating two concatenations in order from the hash value of the hierarchy is repeated. Thereby, one hash value h ₀₁₂ ¹ is calculated.

Furthermore, the hash value _{h 012} ^1, concatenates the hash values _{h 012} ² included in the signature data _{S 1,} the hash value _h ^{012 12} calculated from this concatenated value, it is included in the signature data _{S 1} The hash value h ₀₁₂ ³⁴ is concatenated, and the hash value h ₀₁₂ ¹²³⁴ is calculated from the concatenated value.

Then, the signature verification unit 412 calculates a verification value using the verification key from the signature value σ included in the signed video data. If the calculated hash value h ₀₁₂ ¹²³⁴ matches the calculated verification value, the signature verification unit 412 determines that the authenticity of the video data M ₁ has been verified.

Next, a signature verification method in the case where the high resolution data 1 and the medium resolution data ₁ in each layer data of M ₁ are deleted and only the low resolution data 1 that is the lowest layer data exists will be described. First, the signature verification unit 412 extracts the video data M ₁ from signed video data. Next, the signature verification unit 412 calculates a hash value h ₀ ¹ of the low resolution data 1 of the video data M ₁ . Since the high resolution data 1 and the medium resolution data 1 are deleted, the hash value h ₁₂ ¹ included in the signed video data is a hash value concatenated with the hash value of the low resolution data ^1. Is used to generate a concatenated value by concatenating h ₀ ¹ and h ₁₂ ¹ to calculate a hash value. Thereby, one hash value h ₀₁₂ ¹ can be calculated.

Furthermore, the hash value _{h 012} ^1, concatenates the hash values _{h 012} ² included in the signature data _{S 1,} the hash value _h ^{012 12} calculated from this concatenated value, it is included in the signature data _{S 1} The hash value h ₀₁₂ ³⁴ is concatenated, and the hash value h ₀₁₂ ¹²³⁴ is calculated from the concatenated value.

Then, the signature verification unit 412 calculates a verification value using the verification key from the signature value σ included in the signed video data. If the calculated hash value h ₀₁₂ ¹²³⁴ matches the calculated verification value, the signature verification unit 412 determines that the authenticity of the video data M ₁ has been verified.

As described above, according to the present embodiment, the authenticity of the video data M _i and the signature data S _i corresponding thereto, the authenticity of the low-level video data that remains even if the higher-level video data is deleted. It can be performed.

(Embodiment 3)
The video signature system using the signature device according to the present embodiment is characterized in that the signature device 105 calculates each hash value from the hierarchical data of the video data by adding a random value.

  For example, when video information including a plurality of video data is video information of a moving image, the same frame (video data) may appear repeatedly. In such a case, the same hash value is calculated from the hierarchical data of the video data having the same content. Therefore, if the hash value is simply calculated based only on the hierarchical data of each video data, even if some hierarchical data is deleted, the hash value of the existing hierarchical data is the same as the hash value of the deleted hierarchical data. In some cases, it is known that the deleted hierarchical data is hierarchical data having the same content as the existing hierarchical data, and as a result, the deleted hierarchical data can be restored.

  Therefore, in the signature device according to the present embodiment, such a situation can be avoided by calculating a hash value by adding a random value to the hierarchical data.

  The configurations of the video signature system and the verification device 106 according to the present embodiment are the same as the configurations of the video signature system and the verification device 106 according to the first embodiment, respectively.

(Configuration of signature device)
FIG. 10 is a diagram illustrating a configuration example of the signature device 105 according to the present embodiment. The signature device 105 includes a control unit 210, a storage unit 220, a transmission / reception unit 230, an input unit 240, and an output unit 250. The control unit 210 includes an overall control unit 211 and a signature processing unit 212. The signature processing unit 212 includes a random number acquisition unit 217, a binary tree generation unit 218, a hash value calculation unit 213, a second hash value calculation unit 214, a signature information generation unit 215, and a second signature information generation unit. 216. That is, the difference between the configuration of the signature device according to Embodiment 1 and Embodiment 2 is that it further includes a random number acquisition unit 217 and a binary tree generation unit 218, and other configurations are as described above. Therefore, the processing in the random number acquisition unit 217 and the binary tree generation unit 218 will be described in detail below.

  The specific configuration of the signature device 105 according to the present embodiment is the same as the configuration shown in FIG. That is, as a part of the signature processing program 320 held in the nonvolatile storage device 302, a random number acquisition module for realizing the random number acquisition unit 217 and a binary tree generation module for realizing the binary tree generation unit 218 These modules are expanded with the RAM 303 as a work area as necessary and executed by the CPU 301, whereby the respective processes are executed.

(Signature device operation)
FIG. 11 is a diagram illustrating a specific example of processing in the random number acquisition unit 217 and the binary tree generation unit 218. In FIG. 11, similarly to the specific examples in the first and second embodiments, the low resolution data i, the medium resolution data i, and the high in the four pieces of video data M ₁ , M ₂ , M ₃ , and M ₄ , respectively. A case where a hash value is calculated from the resolution data i will be described. However, since it is basically the same as the processing method described in Patent Document 1, only the main part will be described in detail below.

First, the random number acquisition unit 217 acquires one random number r _R that is a root random number. Here, since the total number of hierarchical data is 3 × 4 = 12, the root random number r _R is r _1,16 from (Equation 1) below.

次に、二分木生成部２１８において、このルート乱数ｒ_Ｒ＝ｒ_１，１６から、特許文献１に記載の方法により、二分木のリーフ列を構成する乱数列が階層データの個数と同数となるように二分木を生成する。なお、この二分木を生成する方法については、特許文献１に記載されている方法と同様であるので、ここでは簡略して説明する。

Next, in the binary tree generation unit 218, from this root random number r _R = r _1,16 , the random number sequence constituting the leaf sequence of the binary tree becomes the same as the number of hierarchical data by the method described in Patent Document 1. The binary tree is generated as follows. The method for generating the binary tree is the same as the method described in Patent Document 1, and will be described briefly here.

First, r _1,8 and r _9,16 are generated from the root random numbers r _1,16 . Here, r _1,8 = H (r _1,16 || L) and r _9,16 = H (r _1,16 || R). H () is a hash function, || is a combination of preceding and following numerical values, L and R are specific numeric strings, and L ≠ R.

Next, in the same manner, r _1,4 and r _5,8 are generated from the random numbers r _1,8 . For r _9,16 ,

であるので、乱数ｒ_９，１２のみが生成される。

Therefore, only random numbers r _9,12 are generated.

That is, when the branch destination random number is generated from the branch source random number rm _{, n} , it is generated based on the following conditions.

以上のような処理を繰り返すことで、乱数の二分木を生成していき、最終的にリーフ乱数列ｒ_１，ｒ_２，・・・，ｒ_１２が生成される。

By repeating the above processing, a random number binary tree is generated, and finally, a leaf random number sequence r ₁ , r ₂ ,..., R ₁₂ is generated.

Then, in the hash value calculation unit 213, using these random number sequences, the low-resolution data i and the medium-resolution data in the video data M ₁ , M ₂ , M ₃ , and M ₄ by the following calculation method (Formula 2). i, hash values h ₀ ⁱ , h ₁ ⁱ , and h ₂ ⁱ of the high resolution data ⁱ are calculated. Note that e ₀ ⁱ , e ₁ ⁱ , and e ₂ ⁱ indicate hash parameters of each resolution data.

(Formula 2)
h ₀ ⁱ = H (e ₀ ⁱ || r _{i · 3−2} )
h ₁ ⁱ = H (e ₁ ⁱ || r _{i · 3-1} )
h ₂ ⁱ = H (e ₂ ⁱ || r _{i · 3} )
The subsequent processing in the second hash value calculation unit 214 and the signature information generation unit 215 is the same as the processing described in the first and second embodiments. Further, in the second signature information generation unit 216 generates to include root random number r _R in the signature data of the video data.

In the example of FIG. 11, different random numbers are generated for each resolution data, but different random numbers may be generated for each video data. For example, random values r ₁ , r ₂ , r ₃ , and r ₄ are generated for the video data M ₁ , M ₂ , M ₃ , and M ₄ to calculate a hash value in each resolution data of each video data. It may be used. If the random values r ₁ , r ₂ , r ₃ , r ₄ are different from each other, even if the predetermined resolution data of a certain video data is deleted, it is restored from the predetermined resolution data of other video data. Because you can't.

(Operation of the verification device)
The processing in the signature verification unit of the verification device according to the present embodiment is basically the same as the processing of the signature verification unit 412 of the verification device 106 described in the first or second embodiment, but each hierarchical data when calculating the hash value from the point of utilizing the root random number r _R contained in the signature data of the video data is different. That is, as with the signature device 105, a binary tree is generated from the root random number r _R included in the signature data of the video data, and a hash value for each hierarchical data is calculated based on the calculation method of (Expression 2). . The subsequent processing is the same as the processing of the signature verification unit 412 described in the first or second embodiment.

  As described above, according to the present embodiment, for example, even when video information including a plurality of video data is video information of a moving image and the same video data repeatedly appears, it exists. It is possible to avoid a situation where hierarchical data deleted from hierarchical data is restored.

(Other embodiments)
In the above embodiment, the signature target data is described as video data, but other data may be used.

  In the above-described embodiment, the case where the number of hierarchical layers of video data is 3 has been described. However, it is possible to generate a signature for data that has been hierarchically encoded in an arbitrary number by the same method.

  In the above embodiment, the hash value calculated from each hierarchical data is linked from the upper hierarchy, but may be linked from the lower hierarchy.

  In the above embodiment, in order to calculate one hash value from the hash value calculated from each hierarchical data, as a method of combining hash values, the hash values are concatenated to further hash the concatenated values. Although the values are calculated, the hash values may be combined by another method.

  In addition, as for the hash function used in the above-described embodiment, a hash function used when calculating one hash value for video data or video information, and a hash value before calculation (from hierarchical data) The same hash function (for example, SHA-256) may be used as a hash function used when calculating a hash value or when calculating a hash value by combining these hash values. Different hash functions may be used. Specifically, when using different hash functions, for example, when generating signature information from one hash value for video data or video information, RSA-PSS (RSA Probabilistic Signature Scheme), ECDSA (Elliptic Curve Digital) A signature scheme such as (Signature Algorithm) may be applied.

  In each of the above embodiments, the signature processing unit 212 of the signature device 105 and the signature verification unit 412 of the verification device 106 have been described as being implemented by software, but may be implemented using dedicated hardware.

(Summary)
As described above, according to the present invention, since the hash value combined with the hash value of the hierarchical data constituting each hierarchy is included in the second signature information, a part of the hierarchical data is deleted. In addition, the signature can be verified using the hash value of the deleted hierarchical data included in the signature. Also, since the calculated one hash value is one hash value for video data composed of a plurality of hierarchical data, the authenticity as video data can be ensured.

  The reason why the signature generation method in the signature device of the above embodiment has high efficiency is as follows. In public key cryptography used for a digital signature, the signature generation process takes the longest processing time, and the hash processing time is very short compared to the signature generation processing time. In the signature device in the above embodiment, the signature generation process is not performed for each hierarchical data, but is performed for each video data or video information, so that the entire processing time can be shortened.

(Additional notes regarding claims)
With respect to the present invention, the following aspects are conceivable with regard to the description of the claims.

(Claim 2)
A signature device that generates signature information for one piece of video information including a plurality of hierarchically encoded video data,
For each of the plurality of video data, a hash value calculating means for calculating a hash value for each of the hierarchical data constituting each hierarchy of the hierarchically encoded video data;
For each of the plurality of video data, one hash for each of the plurality of video data is obtained by repeating a process of calculating a hash value by combining two of the calculated hash values in the hierarchical order of the hierarchical data. A second hash value calculating means for calculating a value;
A hash value for the video information is calculated by repeating a process of calculating a hash value by combining any of the hash values calculated for each of the plurality of video data by the second hash value calculation unit. Signature information generating means for generating signature information for the video information based on the hash value;
Second signature information generation for generating second signature information for each of the plurality of video data, including the signature information and each hash value combined before calculating one hash value for the video information Means,
A signature apparatus comprising:

  As a result, even if a part of the hierarchical data is deleted in a device that records and reproduces the signed video data to which the second signature information generated by this signature device is attached, It is possible to verify a signature for assuring authenticity. Furthermore, since a signature is generated for video information including a plurality of video data, the speed of signature generation processing and signature verification processing can be improved as compared with the case where a signature is generated for each video data.

(Claim 3)
Random number acquisition means for acquiring a random number;
A binary tree generating means for generating a binary tree having the acquired random number as a root random number so that a random number sequence constituting a leaf sequence of the binary tree is equal to the total number of the hierarchical data;
Further comprising
The hash value calculation means calculates a hash value for each of the hierarchical data based on the generated leaf random number sequence of the binary tree and the hierarchical data when calculating a hash value for each of the hierarchical data. Calculate each value,
The second signature information generating means generates the second signature information so as to include the root random number;
The signature device according to claim 1, wherein:

  Thus, for example, even when video information including a plurality of video data is video information of a moving image and the same video data repeatedly appears, hierarchical data deleted from existing hierarchical data is deleted. It is possible to avoid the situation where it is restored.

(Claim 4)
A verification apparatus for receiving a hierarchically encoded video data associated with the second signature information generated in the signature apparatus according to any one of claims 1 to 3 and verifying the signature. ,
In the hierarchically encoded video data, when at least one hierarchical data does not exist, a hash value calculated from the nonexistent hierarchical data, using the hash value included in the second signature information , A signature verification unit that performs signature verification processing,
A verification apparatus comprising:

  As a result, even if a part of the hierarchical data is deleted in an apparatus for recording and reproducing the signed video data to which the second signature information is added, the authenticity of the video data is guaranteed. It is possible to verify the signature.

(Claim 5)
A signature generation method for generating signature information for hierarchically encoded video data,
A hash value calculating step for calculating a hash value for each of the layer data constituting each layer of the layer-encoded video data;
A second hash value calculating step of calculating one hash value for the video data by repeating the process of calculating the hash value by combining two of the calculated hash values in the hierarchical order of the hierarchical data;
A signature information generating step for generating signature information based on the one hash value;
Second signature information generation for generating second signature information including the signature information and each hash value combined until the one hash value is calculated for the hierarchically encoded video data Steps,
A signature generation method comprising:

  As a result, even if a part of the hierarchical data is deleted in an apparatus for recording and reproducing the signed video data with the second signature information generated by this signature generation method, the video It is possible to verify the signature to ensure the authenticity of the data.

101a, 101b Video generation device 102 Encoder 103 Recording device 104 Display device 105 Signature device 106 Verification device 110 Network 210 Control unit 211 Overall control unit 212 Signature processing unit 213 Hash value calculation unit 214 Second hash value calculation unit 215 Signature information generation unit 216 Second signature information generation unit 217 Random number acquisition unit 218 Binary tree generation unit 220 Storage unit 221 Video data storage unit 222 Data storage unit 230 Transmission / reception unit 240 Input unit 250 Output unit 301 CPU
302 Nonvolatile storage device 303 RAM
304 network interface 310 overall control program 320 signature processing program 321 hash value calculation module 322 second hash value calculation module 323 signature information generation module 324 second signature information generation module 410 control unit 411 overall control unit 412 signature verification unit 420 storage unit 421 Data storage unit 421 Video data storage unit 430 Input unit 440 Output unit 501 CPU
502 Non-volatile storage device 503 RAM
510 Overall control program 520 Signature verification program

Claims (1)

A signature device for generating signature information for hierarchically encoded video data,
A hash value calculating means for calculating a hash value for each of the hierarchical data constituting each hierarchy of the hierarchically encoded video data;
A second hash value calculating means for calculating one hash value for the video data by repeating the process of calculating the hash value by combining two of the calculated hash values in the hierarchical order of the hierarchical data;
Signature information generating means for generating signature information based on the one hash value;
Second signature information generation for generating second signature information including the signature information and each hash value combined until the one hash value is calculated for the hierarchically encoded video data Means,
A signature apparatus comprising:

Images