JP2011130213A - Information processing apparatus and image verifying device, and control method thereof - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To exclude image processing such as gamma correction processing, contrast correction processing and white balance correction processing from factors of disturbing guarantee of originality by producing verification data for which influences of such image processing is reduced. <P>SOLUTION: A boundary information calculating section 211 detects a pixel value of which the difference from an unreal pixel value becomes 1, from among pixel values really existing in image data inputted and produces, as first verification target information, information indicating whether or not the detection is made successful and information specifying a position of a pixel having the pixel value detected successfully if detected successfully. Each time two pixels are selected from the image data inputted in accordance with a preset random number, an order information calculating section 212 produces, as second verification target information, information specifying a magnitude relationship between the two pixels selected. A verification data producing section 213 produces verification data for image data signature using the first verification target information and the second verification target information. <P>COPYRIGHT: (C)2011,JPO&INPIT

Description

  The present invention relates to a technique for guaranteeing the originality of image data.

  Insurance companies and construction companies have used silver halide cameras as evidence photographs of the progress of accident sites and construction sites, but it is considered to use digital cameras instead. However, the digital image data obtained with a digital camera can be easily tampered with using a commercially available photo retouching tool for PCs, etc. Therefore, the reliability of digital data is higher than that of conventional silver salt photographs. The problem is that it is low and the ability as evidence is poor. As a method for solving such a problem, a method as disclosed in Patent Document 1 has been proposed. This document discloses that confidential information is previously incorporated in a digital camera and digital image data obtained by photographing is subjected to signature processing using the confidential information. By performing verification processing using the generated signature information after shooting, it is possible to guarantee the originality of the shot image data.

  On the other hand, in a video input device such as a digital camera, an electrical signal of a captured image obtained by photoelectrically converting a subject optical image by an image sensor such as a CMOS or CCD is converted into digital data by AD conversion. Then, various image reproduction processes are performed on the image data converted to digital data (hereinafter referred to as RAW image data). Examples of image reproduction processing include gamma correction processing, contrast correction processing, white balance correction processing, and the like. In particular, some recent digital cameras have an operation mode that outputs RAW image data as described above (without image processing). In such a digital camera, a user transfers RAW image data to a PC or the like, and performs image reproduction processing by performing desired image processing using an application on the PC. Thereby, the user himself / herself can reproduce an image according to the user's preference.

US Pat. No. 5,499,294

  However, the method described in Patent Document 1 does not consider the image reproduction processing for RAW image data as described above. In other words, when a signature is applied to the RAW image data inside the digital camera and then the image reproduction process is executed on the PC, the signature verification fails. That is, according to the method described in Patent Document 1, even if image reproduction processing that is not malicious tampering is performed, it is determined that the image is tampered. Therefore, the originality of the image data subjected to image reproduction processing is determined. Is difficult to guarantee.

  The present invention has been made in view of such problems. Then, it is intended to provide a technique capable of guaranteeing the originality of image data subjected to image reproduction processing such as gamma correction processing, contrast correction processing, and white balance correction processing.

In order to solve this problem, for example, an information processing apparatus of the present invention has the following configuration. That is,
An information processing apparatus for generating verification data for assuring the originality of image data from the image data,
Image input means for inputting image data to be guaranteed for originality;
Whether the pixel value that is different from the non-existent pixel value is less than or equal to a preset threshold value among the actual pixel values input in the image data input by the image input unit and has been detected successfully First generation means for generating, as first verification target information, information indicating whether or not, and information for specifying a position of a pixel having a pixel value that has been successfully detected when detection is successful;
Each time N pixels (N is an integer of 2 or more) are selected from the image data input by the image input unit according to a preset random number, the first to Nth pixels of the selected N pixels are selected. Second generation means for generating, as second verification target information, information specifying the magnitude relationship of each pixel value;
Verification data generation means for generating verification data of the image data input by the image input means using the first verification target information and the second verification target information;
Image output means for outputting the verification data generated by the verification data generation means together with the image data input by the image input means.

  According to the present invention, verification data with less influence such as gamma correction processing, contrast correction processing, and white balance correction processing is generated. Therefore, it is possible to exclude these image processing from factors that hinder the guarantee of originality. It becomes possible.

The figure explaining the whole structure of the system in 1st Embodiment. 1 is a diagram illustrating a configuration of an image input device according to a first embodiment. 1 is a diagram illustrating a configuration of an image verification apparatus according to a first embodiment. The block diagram which shows the structure of the boundary information calculation part in 1st Embodiment. The figure explaining the extraction method of the component value and boundary value in 1st Embodiment. The figure explaining the extraction method of the boundary information in 1st Embodiment. The flowchart which shows the boundary information extraction process in 1st Embodiment. The block diagram which shows the structure of the order information calculation part in 1st Embodiment. The figure explaining a pixel pair. The figure explaining the example of calculation of order information. 6 is a flowchart illustrating imaging processing according to the first embodiment. The block diagram which shows the structure of the verification part in 1st Embodiment. The figure explaining the 1st verification part in 1st Embodiment. The flowchart which shows the 1st verification process in 1st Embodiment. 5 is a flowchart illustrating image verification processing according to the first embodiment. The figure explaining the attack in the case of falsifying the pixel used as a boundary value into a missing pixel value.

  Hereinafter, embodiments according to the present invention will be described in detail with reference to the accompanying drawings.

[First Embodiment]
<Description of overall system configuration>
First, an example of the overall configuration of the system in this embodiment is shown in FIG. The system in the present embodiment includes an image input device 11 and an image verification device 12.

  In the figure, an image input device 11 generates image data to be guaranteed for originality and outputs the generated image data. In particular, in the present embodiment, in addition to the image data, whether or not the image data has been tampered with, in other words, verification data for assuring the originality is generated and output together with the image data. In the present embodiment, image data obtained by AD-converting an electrical signal of a captured image obtained by photoelectrically converting a subject optical image by an image sensor such as a CMOS or CCD in the image input device 11 (hereinafter referred to as a RAW image). Data) is output without image processing. Details of the RAW image data will be described later. The image verification device 12 verifies whether the image data input from the previous image input device 11 has been tampered with, and outputs a verification result. The image input device 11 and the image verification device 12 may be connected via a network such as the Internet so that various data can be exchanged. Alternatively, various data may be recorded in a storage medium such as a removable medium at the time of output, and the various data may be exchanged.

<Basic configuration of image input device>
Next, the image input apparatus 11 applicable to the present embodiment will be described with reference to FIG. FIG. 2A is a diagram illustrating a basic configuration of the image input apparatus 11 applicable to the present embodiment. As shown in FIG. 2A, the image input device 11 in this embodiment includes a ROM 21, a storage memory 22, a work memory 23, a CPU 24, an operation unit 25, an optical system 26, a drive unit 27, and an I / F 28. Each of them is connected by a bus 29.

  The image input device 11 is an imaging device such as a digital camera that is widely used, for example, and stores digital image data generated by the optical system 26 when a shooting instruction is given using the operation unit 25. It is possible to accumulate in In the figure, a ROM 21 is a read-only memory, in which shared information necessary for generating an operation program and verification data is stored in advance. The storage memory 22 stores processed image data. The work memory 23 temporarily stores the image data, where the image data is compressed and various arithmetic processes are performed. When a photographing instruction is given, the CPU 24 performs various arithmetic processing such as image data compression processing and verification data generation in accordance with a program stored in the ROM 21 in advance. The operation unit 25 is a user interface for receiving various instructions including a shooting instruction of the photographer and setting of various parameters. The optical system 26 includes an optical sensor such as a charge-coupled device CCD or a complementary metal oxide semiconductor CMOS. When a photographing instruction is given, the subject 26 is photographed, electrical signal processing, digital signal processing, and the like are performed. The drive unit 27 performs mechanical operations (movement of the focus lens and zoom lens) necessary for photographing under the control of the CPU 24. The I / F 28 is an interface with an external device such as a memory card, a portable terminal, or a communication device, and is used when image data or verification data is transmitted to these devices.

<Basic configuration of host computer>
Next, the image verification apparatus 12 that can be applied to the present embodiment will be described with reference to FIG. FIG. 3A shows a basic configuration of a host computer that functions as the image verification apparatus 12 according to the present embodiment and a relationship with peripheral devices. The host computer is a commonly used personal computer.

  The host computer 12 includes a monitor 32 that displays various information, a CPU 33 that can control the operation of each unit in the host computer 12 or execute a program loaded in the RAM 35, and a ROM 34 that stores a BIOS and a boot program. Have In addition, the host computer 12 has a RAM 35 for temporarily storing a program and image data to be processed in order to perform processing by the CPU 33. The RAM 35 is loaded with a program for the OS (operating system) and the CPU 33 to perform various processes described later. Further, the host computer 12 has a hard disk (HD) 36 used for storing an OS and a program transferred to the RAM 35 and the like, and storing and reading image data while the apparatus is operating. As other external storage devices, a CD-ROM (CD-R, CD-R / W, etc.) drive 37, an FD (floppy (registered trademark)) drive 38, and a DVD drive are also provided. Note that when a program for image processing is stored in a CD-ROM, FD, DVD-ROM or the like, these programs are installed in the HD 36 and transferred to the RAM 45 as necessary.

  The host computer also has an interface 311 for connecting a network interface card (NIC) 310, a pointing device 312 such as a mouse, and an interface 314 for connecting a keyboard 313. By connecting the NIC 310, the present apparatus can be connected to a network such as the Internet. In addition, image data stored in the RAM 35, HD 36, CD-ROM 37, FD 38, DVD 39, etc. can be transmitted to the network. Furthermore, image data can be received from the network. The constituent units are connected to each other via a system bus 315.

  In the above configuration, the host computer can store in the HD 36, CD 37, FD 38, DVD 39, etc., or display the stored image data or the like on the monitor 32. Further, these image data can be distributed via the Internet or the like by using the NIC 310 or the like, and conversely can be obtained. Further, various instructions from the user are performed by input from the pointing device 312 and the keyboard 313. Inside the host computer 12, blocks to be described later are connected by a bus 315, and various data can be transferred.

<Configuration of image input device>
Hereinafter, the functional configuration of the image input apparatus 11 applied to the present embodiment will be described with reference to FIG. In the following description, the image input apparatus 11 is powered on and the OS is loaded in the work memory 23. The present invention is not limited to this, and may be executed by the host computer 12 described above. In this case, each processing unit is realized by a corresponding program and a CPU 33 that executes the program, and in some cases, peripheral hardware.

  As shown in FIG. 2B, the image input device 11 in this embodiment includes an image generation unit 210, a boundary information calculation unit 211, an order information calculation unit 212, a verification data generation unit 213, and an image output unit 214. Is done. Note that the image input processing described here may be realized by software processing. In that case, each of the above sections should be considered as a conceptual view of the functions necessary for the above processing.

  The image generating unit 210 includes an optical sensor such as a CMOS (complementary metal oxide semiconductor) or a CCD (charge coupled device) and a microprocessor for controlling the optical system by the optical system 26. The image generation unit 210 acquires a video signal generated by the optical system and the optical sensor as image information, and forms image data I. The image data I generated by the image generation unit 210 is supplied to the subsequent boundary information calculation unit 211, the order information calculation unit 212, and the image output unit 214. The boundary information calculation unit 211 receives the image data I supplied from the previous image generation unit 210, generates boundary information B from the image data I, and outputs it.

  Details of the boundary information calculation unit 211 in this embodiment will be described with reference to FIG. As shown in FIG. 4, the boundary information calculation unit 211 in this embodiment includes an image configuration pixel extraction unit 41, a boundary pixel extraction unit 42, and a boundary information extraction unit 43. The image constituent pixel extraction unit 41 extracts the image constituent pixel C from the input image data I, and outputs it to the boundary pixel extraction unit 42. Here, a pixel value constituting input image data is defined as an image constituent pixel value, and a set of image constituent pixel values is defined as an image constituent pixel C. The image constituent pixel extraction unit 41 extracts the image constituent pixel values of the image data I in the raster scan order, for example, and outputs the set of the image constituent pixel values as the image constituent pixels C to the boundary pixel extracting unit 42. Here, extraction of the image constituent pixel C will be described with reference to FIG. In FIG. 5, image data 51 is image data I from which image constituent pixels C are to be extracted, and each grid indicates a pixel. Also, allocation is performed in the order of raster scanning from the upper left pixel as indicated by reference numeral 52 in FIG. The pixels of the image data I are C (0) = 4, C (1) = 5, C (2) = 3,..., C (33) = 253, C (34) = 255, C (35) = 255. Here, the image constituent pixel C is extracted by using the image data 51 as the image data to be extracted. When all the pixels constituting the image data 51 are identified in the raster scan order, the image data 51 has pixel values 0, 1, 2, 3, 4, 5, 200, 250, 251, 252, 253, 254, 255. It can be seen that it is configured. Therefore, the image constituent pixel C of the image data I51 has 13 image constituent pixel values constituting the image constituent pixel C, and the image constituent pixel values are 0, 1, 2, 3, 4, 5, 200, 250, 251, 252, 253, 254, 255. As a result, the image constituent pixel C53 of FIG. 5 is extracted and output to the boundary pixel extracting unit 42. That is, it can be said that the image constituent pixel C53 is obtained by connecting the number of colors appearing in the block of interest and the pixels of each color. Here, the pixel values constituting the image data I are confirmed in the order of raster scanning. However, for example, even if pixel values (0 to 255) that can constitute an image are included in the image data I in order, Good. Further, hereinafter, for convenience of explanation, a pixel value that does not constitute the image data I is defined as a missing pixel value. For example, the missing pixel values of the image data I component in the above-described example are 6, 7,... 199, 201, 202,. The details of the image configuration pixel extraction unit 41 in the present embodiment have been described above.

  The boundary pixel extraction unit 42 receives the image configuration pixel C extracted by the previous image configuration pixel extraction unit 41, extracts the boundary pixel K from the image configuration pixel C, and outputs it to the boundary information extraction unit 43. Here, a pixel value defined by adding or subtracting the minimum accuracy to each image component pixel value included in the image component pixel C is defined as a boundary pixel value, and a set of boundary pixel values is defined as a boundary pixel value. Let it be pixel K. In the present embodiment, description will be made assuming that the minimum accuracy of the pixel value is 1. In the present embodiment, the minimum precision of the pixel value is set to 1. However, the present invention is not limited to this, for example, in the case of a TIFF format or the like in which the minimum precision is 1 or less. Hereinafter, details of the processing of the boundary pixel extraction unit 42 will be described.

  The boundary pixel extraction unit 42 first adds 1 that is the minimum precision of the pixel value to each image configuration pixel value included in the image configuration pixel C extracted by the previous image configuration pixel extraction unit 41, and after the addition It is inspected whether the value is included in the image constituent pixel C extracted by the previous image constituent pixel extraction unit 41. As a result of the inspection, when the value after addition is not included in the image constituent pixel C (that is, when it becomes a missing pixel value), the image constituent pixel value before addition is extracted as a boundary pixel value. At this time, the maximum value that the pixel value can take (255 in this embodiment) is excluded because there is no value obtained by adding 1 which is the minimum precision of the pixel value.

The content described above will be described using the above-described image constituent pixel C53. First, it can be seen from the first information of the image constituent pixel value indicated by the image constituent pixel C53 that the number of image constituent pixel values constituting the image data I is thirteen. It can also be seen that the second to fourteenth values of the image constituent pixel C53 are image constituent pixel values. Therefore, a value C ₀ ′ (= 0 + 1 = 1) obtained by adding 1 which is the minimum accuracy of the pixel value to the image constituent pixel value C ₀ = 0 is the remaining pixel value {1, 2, 3,. 4, 5, 200, 250, 251, 252, 253, 254, 255}. As a result, since C ₀ ′ = 1 is included in the pixel value (C ₁ = 1) described above (that is, not a missing pixel value), it is determined that the pixel value C ₀ is not a boundary pixel value. Similarly, when all the image constituent pixel values are inspected, the value C ₅ ′ = 6 obtained by adding 1 to the image constituent pixel value C ₅ = 5 is the image constituent pixel value {0, 1, 2, 3, 4, 5, 200, 250, 251, 252, 253, 254, 255}. That is, it can be determined as a missing pixel value. Accordingly, the pixel value C ₅ is extracted as a boundary pixel value.
Next, similarly to the above-described addition, the boundary pixel extraction unit 42 subtracts 1 which is the minimum precision of the pixel value from each image configuration pixel value included in the image configuration pixel C, and the value after the subtraction is It is inspected whether it is included in the image constituent pixel C extracted by the image constituent pixel extracting unit 41. As a result of the inspection, when the value after subtraction is not included in the image constituent pixel C (that is, when it becomes a missing pixel value), the image constituent pixel value before subtraction is extracted as a boundary value. At this time, the minimum value that the pixel value can take (0 in the present embodiment) is excluded because there is no value obtained by subtracting 1 which is the minimum precision of the pixel value.

Hereinafter, boundary pixel extraction by subtraction will be described using the above-described image constituent pixel 53C. First, the value C ₀ ′ (= 0−1 = −1) obtained by subtracting 1 from the image constituent pixel value C ₀ = 0 is excluded because it does not exist as a pixel value. A value C ₁ ′ (1-1 = 0) obtained by subtracting 1 which is the minimum precision of the pixel value from the image constituent pixel value C ₁ = 1 is the image constituent pixel value {0, 1, 2, 3 of the image constituent pixel C. 4, 5, 200, 250, 251, 252, 253, 254, 255}. As a result, since C ₁ ′ = 0 is included in the above-described image configuration pixel value (C ₀ = 0) (that is, not a missing pixel value), the image configuration pixel value C ₁ is not a boundary pixel value. to decide. Similarly, when all the image constituent pixel values are inspected, the value C200 ″ = 199 obtained by subtracting 1 from the image constituent pixel value C ₂₀₀ = 200 is the image constituent pixel value {0, 1, 2, 3, 4, 5, 200, 250, 251, 252, 253, 254, 255} (that is, missing pixel values). Therefore, the image constituent pixel value C200 is extracted as a boundary pixel value. In this way, the result of extracting the boundary pixel values for all the color components becomes the boundary pixel K54 in FIG. 5 and is output to the boundary information extraction unit 43.

Note that as indicated by the boundary pixel K54 in FIG. 5, the pixel value C ₂₀₀ is determined as a boundary pixel in both addition and subtraction, but the number of pixels extracted in duplicate by addition and subtraction is counted as one. To do. Here, as illustrated in FIG. 5, the boundary pixel extraction unit 42 notifies the boundary information extraction unit 43 as to whether or not the boundary pixel value exists. For example, when there is a boundary pixel value, 1 is added to the head of the boundary pixel K, and when there is no boundary pixel value, 0 is added to indicate whether the boundary pixel value exists. Information is transmitted to the information extraction unit 43. That is, the boundary pixel K54 includes the presence / absence of the boundary pixel value at the head, and the number of boundary pixel values and the boundary pixel value thereafter. The details of the boundary pixel extraction unit 42 in the present embodiment have been described above.

  The boundary information extraction unit 43 inputs the boundary pixel K extracted by the previous boundary pixel extraction unit 42 and the image data I generated by the image generation unit 210, and extracts boundary information B from the boundary pixel K and the image data I And output to the verification data generation unit 213.

  Here, the boundary information B includes information that can be determined that the boundary pixel value is the same value at a specific position in the image data. For example, the boundary information B may include the position information of the pixel value having the same boundary pixel value in the image data I and the number of position information in the image regarding the pixel value having the same value. The boundary information B may include all boundary pixel value values and position information in the image corresponding to the boundary pixel values. In the present embodiment, position information in the image of pixel values having the same boundary pixel value in the image data I (information indicating the number of pixels when scanned in the raster scan order), and pixel values that are the same value Information including the number of pieces of position information in the image will be described as boundary information B.

  The boundary information extraction unit 43 specifies the position of the boundary pixel value included in the boundary pixel K in the image data I, and extracts the pixel value corresponding to the specified position. The boundary information extraction unit 43 searches for a boundary pixel value serving as a reference in the order of raster scanning, and if a pixel value equivalent to the reference boundary pixel value is found, extracts position information within the image. At this time, when there are not a plurality of the same boundary pixel values in the image data I, the boundary pixel values are not included in the boundary information B. Such extraction is performed on all boundary pixel values included in the boundary pixel K, and is output to the verification data generation unit 213 as boundary information B.

  Details of the boundary information extraction unit 43 in this embodiment will be described with reference to FIG. First, the boundary information extraction unit 43 determines whether a boundary pixel value exists from the boundary pixel K54. When the boundary pixel value does not exist, the verification data generation unit 213 is notified to that effect, and when the boundary pixel value exists, the following processing is performed.

  Here, it is assumed that image data I from which boundary information B is extracted is indicated by reference numeral 61 in FIG. When the boundary information extraction unit 43 receives the boundary pixel K54, the boundary pixel value for the image data I can be determined from the content of the boundary pixel K54 as indicated by the shaded portion shown in the image 62. When the position in the image data is searched in the raster scan order with respect to the input value of the boundary pixel K, the position information in the image for each boundary pixel value is the position C when the boundary pixel value is “5”. (1). When the boundary pixel value is “200”, the positions are C (7), C (8), C (13), and C (14). When the boundary pixel value is “250”, the position C is (25). Of these, only one piece of position information for the boundary pixel value “5” and the boundary pixel value “250” exists (there are no plurality of the same boundary pixel values), so it is not included in the boundary information B. Therefore, the boundary information B relating to the image data I is that the position information of the pixels having the same boundary pixel value is C (7), C (8), C (13), and C (14) as shown in the image data 63. The number of pieces of position information having the same value is “4”. Here, the boundary information extraction unit 43 notifies the verification data generation unit 213 as to whether or not the boundary information B exists. For example, when the boundary information B can be extracted, 1 is added to the head of the boundary information B, and when the boundary information B is not extracted or when the boundary pixel value does not exist from the boundary pixel extraction unit 42 Then, by adding 0 to the head of the boundary information B, the verification data generation unit 213 is informed of whether the boundary information B exists. When the boundary information B is extracted as described above, boundary information B as indicated by reference numeral 64 is obtained and output to the verification data generation unit 213. Although the format shown in the boundary information B64 is shown here, for example, the boundary information B as shown in the reference numeral 66 arranged one-dimensionally based on the map as shown in the reference numeral 65 may be used. . In this case, information indicating the presence or absence of the boundary information B is added to the head of the boundary information B, and then information corresponding to the position information in the image is added in the raster scan order. If there is a boundary pixel value that is the same value, 1 is added, otherwise 0 is added. In the case of the boundary information B66, it can be confirmed that C (7), C (8), C (13), and C (14) have the same value. The details of the boundary information extraction unit 43 in the present embodiment have been described above.

  To put it flatly, the boundary information calculation unit 211 has a difference between a pixel value existing in the input image data and a non-existing pixel value equal to or less than a preset threshold value (threshold value = 1 in the embodiment). The first verification of information indicating whether or not the detection is successful, and information for specifying the position of the pixel having the successful detection when the detection is successful. It can be said to be a first generation unit that is generated as target information.

<Boundary value calculation processing flow>
Hereinafter, the flow of the boundary information calculation process executed by the boundary information calculation unit 211 in the present embodiment will be described with reference to the flowcharts of FIGS. Here, first, the processing related to the image constituent pixel extraction unit 41 and the boundary pixel extraction unit 42 will be described according to FIG. 7A, and then the processing of the boundary information extraction unit 43 will be described according to FIG. 7B.

  First, the processing flow regarding the image constituent pixel extraction unit 41 and the boundary pixel extraction unit 42 will be described together. First, in the image component pixel extraction unit 41, the image data I generated by the image generation unit 210 is input (S701), and the image component pixel of the input image data I is extracted using the image component pixel extraction unit 41 (S701). S702). Next, the boundary pixel extraction unit 42 is used to specify an image constituent pixel value in the image data I (S703), and minimum accuracy is added to or subtracted from the specified image constituent pixel value (S704). It is verified whether the pixel value to which the minimum accuracy is added or the pixel value to which the minimum accuracy is subtracted is equivalent to the missing pixel value (S705). If it is equal to the missing pixel value, the pixel value before calculation is extracted as the boundary pixel value (S706), and if it is not the missing pixel value, all pixel values are processed without performing the process. It is inspected whether or not (S707). Here, when the processing is not performed for all the image constituent pixel values, the processing is repeated until the processing of all the image constituent pixel values is completed. When the processing is completed for all the image constituent pixel values, it is determined whether or not the boundary pixel value is extracted. If the boundary pixel value can be extracted, the boundary pixel value is included in the boundary pixel K (S710). If the boundary pixel value cannot be extracted, this is included in the boundary pixel K (S709). Finally, the boundary pixel K is output to the boundary information extraction unit 43.

  Next, processing related to the boundary information extraction unit 43 will be described. First, the image data I and the boundary pixel K generated by the boundary pixel extraction unit 42 are input (S712), and it is confirmed whether or not the boundary pixel exists (S713). When there is no boundary pixel, the fact that there is no boundary information is included in the boundary information B (S714). If there is a boundary pixel, boundary information is extracted. In order to make the boundary information weekly, first, the boundary pixel values are specified (S715), and it is confirmed whether or not all the boundary pixel values have been processed (S716). If all the boundary pixel values have been processed, the process proceeds to S720. If all the boundary pixel values are not processed, it is checked whether or not the same boundary pixel value exists in the image (S717). If the same boundary pixel value does not exist, boundary information does not exist. Therefore, the next boundary pixel value is specified and the process is repeated. When the same boundary pixel value exists in the image, position information in all the images related to the pixel value is extracted (S718), and the number of position information is extracted (S719). In S720, it is confirmed whether or not boundary information exists. If there is no boundary information, the fact that there is no boundary information is included in the boundary information B (S714), and if there is boundary information, the boundary information B indicates that the boundary information exists. Include (S721). Finally, the boundary information B is output to the verification data generation unit 213 (S722). The flow of the boundary information calculation process in the present embodiment has been described above.

  Next, the order information calculation unit 212 will be described. The order information calculation unit 212 receives the image data I generated by the previous image generation unit 210 and the random number initial value KR, generates the order information R from the image data I using the input random number initial value, The generated order information R is output.

  Details of the order information calculation unit 212 in the present embodiment will be described with reference to FIG. As shown in FIG. 8, the order information calculation unit 212 in this embodiment includes a pseudo random number generation unit 81, a pixel pair selection unit 82, and a pixel value comparison unit 83.

  In the figure, a pseudo random number generation unit 81 generates a pseudo random number RND using the input initial value KR as a seed, and outputs the generated pseudo random number RND to the pixel pair selection unit 82 in the subsequent stage. However, the initial value KR needs to be shared between the image input device 11 and an image verification device 12 described later. For this reason, common secret information is held in advance in the ROM 21 in the image input apparatus 11 and the ROM 34 in the image verification apparatus 12 so that the verification data generation unit 213 uses the secret information as necessary. . Alternatively, the initial value KR is held in a tamper-resistant device such as an IC card, and the IC card is connected to the image input device 11 and the image verification device 12, and the initial value KR is acquired from the IC card. You may make it use.

  The pixel pair selection unit 82 selects the positions of two pixels from the pixels constituting the image data I using the pseudo random number RND generated by the pseudo random number generation unit 81 in the previous stage. Then, by repeating the selection of the pixels at the two selected positions as one pixel pair, a pixel pair IP composed of a plurality of pixel pairs is generated and output.

  Here, an example of a pixel pair in the present embodiment will be described with reference to FIG. In the figure, 97 indicates image data I, and 91, 92, 94, and 95 indicate pixels in the image data 97, respectively. Pixels connected by dotted lines in the figure are pixel pairs, and the pixels 91 and 92 constitute a pixel pair 93. Further, it is shown that the pixel 94 and the pixel 95 constitute a pixel pair 96. In this case, the pixel pair 93 and the pixel pair 96 are output as the pixel pair IP.

  The pixel value comparison unit 83 receives the pixel pair IP, compares the pixel values constituting the input pixel pair, and outputs the comparison result as order information R.

In the present embodiment, the order information R is generated in the pixel value comparison unit 83 using the following formula (1).
if c (i) <c (j) then Rk = 0 else Rk = 1 (1)

  In Expression (1), c (x) is a pixel value at the pixel position x, and i and j are pixel positions in the pixel pair selected by the pixel pair selection unit 82 in the previous stage. The relative magnitude relation Rk is calculated using the equation (1) for the pixel pair IP selected by the input pseudorandom number RND, and the result of concatenating the calculated magnitude relation Rk is output as the order information R.

  A specific example of calculating Rk and order information R described above will be described with reference to FIGS. 5 and 10 described above. The image data 51 is image data for which the order information R is calculated. First, the magnitude relationship Rk is obtained. Table 101 is for explaining pseudo-random numbers, pixel pairs IP, and magnitude relations Rk for image data. For the image data 51, the pseudorandom numbers RND generated by the pseudorandom number generator 81 are i and j in Table 101, and the pixel pairs IP selected by the pixel pair selector 82 are C (i) and C ( j). In Table 101, a total of six pixel pairs are selected.

  Next, Rk is calculated using Equation 1 for each pixel pair. For example, the first pixel pair in Table 101 is C (i) = 200 and C (j) = 2. In this case, Rk = 1 because C (i)> C (j). On the other hand, since C (i) = 4 and C (j) = 253 in the second pixel pair, Rk = 0 because C (i)> C (j) is not satisfied.

  Using the above method, Rk is also calculated for the remaining pixels. And the order information R (101010) shown to the referential mark 102 of FIG. 10 is produced | generated by connecting the calculated magnitude relationship Rk in order.

  In the example of FIG. 10, the magnitude relationship Rk is calculated and output as the order information R for a part of the pixel pairs IP included in the image data I selected at random. The magnitude relationship Rk may be calculated for each pixel pair IP.

  Further, when calculating the magnitude relation Rk for all the pixel pairs IP and outputting them as the order information R, the pseudo-random number generation unit 81 is not necessarily required. Instead of selecting a pixel pair using the pseudo-random number RND, All the pixel pairs may be selected according to a predetermined order.

  In the present embodiment, the description will be made on the assumption that two pixels are selected as the pixel pair IP. However, the present invention is not limited to this, and N (> 2) pixels may be selected as the pixel pair IP. . In this case, the pixel pair selection unit 82 selects a pixel pair IP composed of N pixels, and the pixel value comparison unit 83 calculates the magnitude relationship of the N pixel values and outputs the result as order information R. To do. In general, the magnitude relationship of N pixel values is N! Since there is a possibility, the magnitude relationship Rk of one pixel to IP is N! The order information is configured with a bit length capable of expressing. For example, when N = 3, the pixel value is 3! Since there may be 6 cases, the magnitude relationship Rk may be expressed by 3 bits.

Here, when Expression 1 is used, the calculated magnitude relationship Rk can be expressed by 1 bit because “0” or “1” exists. However, for example, when the following equation (2) is used, the calculated magnitude relationship Rk needs to be expressed by 2 bits because there are three types of “0”, “1”, and “2”. . That is, the amount of information increases when using equation (2) compared to when using equation (1). On the other hand, since the magnitude relationship can be expressed precisely, more accurate verification is possible.
if c (i) <c (j) then Rk = 0
if c (i)> c (j) then Rk = 1
else Rk = 2 (2)

  Speaking of the above, each time the order information calculation unit 212 selects N pixels (N is an integer of 2 or more) from the input image data according to a preset random number, It can be said that the second generation unit generates information for specifying the magnitude relationship between the pixel values of the 1st to Nth pixels as the second verification target information.

  The details of the order information calculation unit 212 in the present embodiment have been described above.

  Subsequently, returning to FIG. 2B, the description will be continued. The verification data generation unit 213 receives the boundary information B generated by the boundary information calculation unit 211 and the order information R generated by the order information calculation unit 212, and verifies the verification data from the input boundary information B and the order information R. S (BR) is generated and output to the subsequent image output unit 214.

  As verification data in the present embodiment, a MAC (Message Authentication Code), an electronic signature, or the like is applicable. The MAC and electronic signature generation method is a technique known to those skilled in the art, and a detailed description thereof will be omitted. The data that is the subject of the electronic signature or MAC is configured as shown by reference numeral 103 in FIG. 10, for example. In the present embodiment, the order information R uses a hash or the like to reduce the amount of information, and the boundary information B is applied as it is to the digital signature or MAC as it is. In the present embodiment, the amount of information regarding the order information R is reduced. However, the present invention is not limited to this, and for example, an electronic signature or MAC may be applied to the data as it is.

  When the MAC is applied as the verification data, secret information for generating the MAC is input as the signature key KS and used when generating the MAC. The signature key KS needs to be shared between the image input device 11 and an image verification device 12 described later. For this reason, common secret information is held in advance in the ROM 21 in the image input apparatus 11 and the ROM 34 in the image verification apparatus 12 so that the verification data generation unit 213 uses the secret information as necessary. . Alternatively, the signature key KS is held inside a tamper-resistant device such as an IC card, and the IC card is connected to the image input device 11 and the image verification device 12, and the verification data generation unit 213 is connected from the inside of the IC card. The signature key KS may be acquired and used. Alternatively, new secret information may be generated inside the image input apparatus 11 and the generated secret information may be used as the signature key KS. In this case, the generated secret secret information may be stored in a tamper-resistant device such as an IC card or transmitted to the image verification device 12 after being encrypted.

  On the other hand, when an electronic signature is applied as verification data, a secret key for generating an electronic signature is input as a signature key KS. For this reason, the signature key KS is held in advance in the ROM 21 in the image input apparatus 11 so that the verification data generation unit 213 uses the signature key KS as necessary. Alternatively, the signature key KS is held inside a tamper-resistant device such as an IC card, and the IC card is connected to the image input device 11, and the verification data generation unit 213 acquires the signature key KS from the inside of the IC card. You may make it use it. Alternatively, a new signature key KS may be generated inside the image input apparatus 11 and the generated signature key KS may be used. In any case, a public key corresponding to the signature key KS used by the verification data generation unit 213 is required inside the image verification apparatus 12 described later. Therefore, the subsequent image output unit 214 adds the public key corresponding to the signature key KS to the image data and transmits the image data to the image verification apparatus 12. Alternatively, a public key is held on a server (not shown), and information (such as a URL) indicating a public key holding position on the server is recorded in the image data. Then, the image verification apparatus 12 may acquire the public key from the server as necessary by using information indicating the holding position.

  The image output unit 214 receives the image data I output from the previous image generation unit 210 and the verification data S (BR) output from the verification data generation unit 213, and the verification data S (BR) is input to the image data I. To be output. In the present embodiment, as an addition method, verification data S (BR) is recorded in the header of image data I formatted by Exif or the like. However, the present invention is not limited to this, and the verification data S (BR) may be connected to the image data I, and any format may be used. The image output unit 214 records the image data I on a storage medium such as a removable medium, or transmits it to a predetermined host via a wired / wireless network. The configuration of the image input device 11 in the present embodiment has been described above.

<Flow of shooting process>
Hereinafter, the flow of the photographing process executed by the image input apparatus 11 in the present embodiment will be described using the flowchart of FIG. FIG. 11 is a flowchart showing a flow of photographing processing applicable to this embodiment.

  First, the image data I is imaged using the image generation unit 210 in accordance with an imaging instruction from the user (S111). Next, the boundary information calculation unit 211 calculates boundary information B (S112), the pixel pair selection unit 82 selects the pixel pair IP using the pseudorandom number RND generated by the pseudorandom number generation unit 81 (S113), The pixel value comparison unit 83 is used to calculate the order information R of the pixel pair IP (S114). Then, the verification data generation unit 213 is used to generate verification data S (BR) for the order information R (S115), and finally the image data to which the verification data S (BR) is added is output from the image output unit 214. Output (S116). The shooting process flow according to the present embodiment has been described above.

<Configuration of image verification device>
Hereinafter, the functional configuration of the image verification apparatus 12 applied to the present embodiment will be described with reference to FIG. In the following description, it is assumed that the above-described host computer 12 is powered on, the OS is loaded into the work memory 35, and the verification processing application program is also executed in the work memory 35.

  As shown in FIG. 3B, the image verification apparatus 12 in this embodiment includes an image input unit 316, an order information calculation unit 317, and a verification unit 318. Note that the image verification processing described here may be realized by software processing. In that case, each of the above sections should be considered as a conceptual view of the functions necessary for the above processing.

  The image input unit 316 inputs image data I ′. It is easy to understand that the image data I 'is input via a removable medium and / or a network. Further, the image input unit 316 analyzes the header of the input image data I ′, extracts (or separates) the added verification data S (BR), and verifies the extracted verification data S (BR). Output to.

  The order information calculation unit 317 inputs the image data I ′ from the previous image input unit 316 and the random number initial value KR from the ROM 34, and the order information R ′ from the input image data I ′ and the random number initial value KR. And the generated order information R ′ is output. In the present embodiment, the order information calculation process executed inside the order information calculation unit 317 is the same as the order information calculation process executed inside the order information calculation unit 212 in FIG. Since it is a process, description here is abbreviate | omitted.

  The verification unit 318 inputs the order information R ′ generated by the previous order information calculation unit 317, the verification data S (BR) extracted by the image input unit 316, the image data I ′, and the verification key KS. Then, it is verified whether or not the image data I 'has been tampered with using the input data, and a verification result (OK / NG) is output.

  Details of the verification unit 318 in this embodiment will be described with reference to FIG. As shown in FIG. 12, the verification unit 318 in this embodiment includes a decoding unit 121, a first verification unit 122, and a second verification unit 123.

  The decryption unit 121 decrypts the input verification data S (BR) with the input verification key KS. As a result, the boundary information B and the order information R (the information amount reduced by using a hash or the like) are output to the first verification unit 122 and the second verification unit 123, respectively. Note that the processing executed by the decryption unit 121 must correspond to the verification data generation unit 213 described above. That is, when the verification data generation unit 213 generates a MAC, the verification key KS applies the same secret information as the signature key KS applied by the verification data generation unit 213 in the case of MAC, and in the case of an electronic signature. The public key corresponding to the signature key KS applied by the verification data generation unit 213 should be considered. If decryption fails, NG is output.

  The first verification unit 122 receives the boundary information B obtained by the preceding decoding unit 121, verifies the image data I ′ based on the boundary information B, and outputs the verification result (OK / NG). Output. The first verification unit 122 refers to the boundary information B obtained by the preceding decoding unit 121 and first checks whether the boundary information B exists. When the boundary information does not exist, that is, when the head of the boundary information B is 0 in this embodiment, the verification result (OK) is output. When the boundary information exists, that is, when the head of the boundary information B is 1. The relationship between the position information of pixels having the same boundary value and the number of position information having the same value is examined. As a result, if it can be determined that the pixel values are the same for the specific position information indicated in the boundary information B, a verification result (OK) is output. On the contrary, if it can be determined that the pixel values are not equivalent with respect to the specific position information, it is determined that the image has been tampered with, and a verification result (NG) is output.

  Here, details of the first verification unit 122 in the present embodiment will be described with reference to FIG. Here, the boundary information B input to the first verification unit 122 is the reference numeral 64 in FIG. 6 described above, and the image data I ′ is the reference numeral 131 in FIG. 13. The shaded portion of the image data I ′ 131 represents the position information included in the boundary information B. As for the input boundary information B, there are four pieces of position information having the same value, and the position information is C (7), C (8), C (13), and C (14), respectively. I understand that. Therefore, when the pixel values of the pixels C (7), C (8), C (13), and C (14) of the image data I'131 are examined, all become 199. Therefore, it can be determined that the pixel values of the position information indicated by the boundary information B are the same value. When all the boundary pixel values are verified with respect to the boundary information B and it can be determined that the pixel values are the same for each position information, the first verification unit 122 outputs a verification result (OK). For example, as shown in the image data 132, when the pixel value of C (13) is 200 and the pixel values of C (7), C (8), and C (14) are 199, C (7) , C (8), C (13), and C (14) pixel values are not the same, and therefore different from the content of the boundary information B, the first verification unit 122 outputs a verification result (NG). The details of the first verification unit in the present embodiment have been described above.

<First verification processing flow>
Hereinafter, the flow of the first verification process executed by the first verification unit 122 in this embodiment will be described using the flowchart of FIG.

  First, the boundary information B and image data I ′ decoded by the decoding unit 121 are input (S161), and it is checked from the input boundary information B whether boundary information exists (S142). If the boundary information does not exist, it is determined that the verification is successful (S146). If the boundary information exists, the boundary information is verified. Subsequently, the number of position information having the same value is extracted from the input boundary information B (S143), and the position information of pixels having the same boundary value is extracted (S144). It is verified whether or not all pixel values are the same in the extracted number of pieces of position information having the same value and the position information of the pixels having the same boundary value (S145). If the pixel values related to the position information are the same, the verification is successful (S146), otherwise the verification is failed (S147). The flow of the first verification process in the present embodiment has been described above.

  The second verification unit 123 inputs the input order information R ′ and the order information R extracted by the preceding decoding unit 121, and outputs a verification result (OK / NG). Specifically, the inputted order information R ′ and the order information R are compared, and if they match, a verification result (OK) is obtained. If the input order information R reduces the amount of information using a hash or the like when generating verification data, the second verification unit performs the same processing and compares the result, and the verification result (OK / NG) is obtained. Output.

<Flow of image verification processing>
Hereinafter, the flow of image verification processing executed by the image verification apparatus 12 according to the present embodiment will be described with reference to the flowchart of FIG.

  First, the image input unit 316 inputs image data I '(S151). Next, the pixel pair IP is selected by the pixel pair selection unit 82 using the pseudo random number RND generated by the pseudo random number generation unit 81 (S152), and the order information of the pixel pair IP selected using the pixel value comparison unit 83 is selected. R is calculated (S153). Then, the decoding unit 121 executes a decoding process (S154). Then, it is determined whether or not the decoding is successful (S155). If the decoding process is successful, the process proceeds to the first verification process (S156; first determination process), otherwise the verification is failed (S1511). In the first verification process (S156), as in the case of the image input device, among pixel values existing in the image data, pixel values whose difference from the non-existing pixel values is equal to or less than a preset threshold value. Detection is performed, and whether or not the detection is successful, and if the detection is successful, the position of the pixel having the pixel value that has been successfully detected is extracted. In step S157, the extracted information is compared with the boundary information B in the verification data obtained by decoding, and it is determined whether the verification is successful (whether they match). If the verification result is a verification success, the process proceeds to the second verification process (S158; second determination process); otherwise, the verification is failed (S1511). In the second verification process (S158), two pixels are selected from the input image data according to the same random number as the image input device, and information for specifying the magnitude relationship between the two pixels is created. Then, the hash value of the information is obtained, and the value is compared with the hash value of the order information R in the verification data obtained by decryption to determine whether or not the verification is successful (S159). If the verification is successful, that is, if both the boundary information B and the order information R match the respective information obtained by decoding, it is determined that the image verification is successful (no tampering). If at least one of them does not match, in S1511 it is determined that the verification has failed (has falsification), and the process ends. The flow of the image verification process in the present embodiment has been described above.

<Example of tampering method>
Hereinafter, an example of a tampering method that can be countered by the present invention will be described. The falsification method described here is an attack that falsifies a pixel serving as a boundary value to a missing pixel value. For example, it is assumed that the order information is generated using the following Expression 3.
if c (i) ≧ c (j) then Rk = 0 else Rk = 1 (3)
In such a case, it is possible to configure the order information R with binary values of “0” and “1”, but an attack described below is possible.

  Reference numeral 161 shown in FIG. 16 indicates input image data. Here, the shaded portion shown in the image data 161 indicates the boundary pixel value. At this time, when order information for all the pixels is generated for the pixel (2, 2) in the image data 161, a map of order information as indicated by reference numeral 162 is generated. Further, the image data 161 is altered to image data as indicated by reference numeral 163. In this case, the content to be altered is to change the boundary pixel value 200 corresponding to the hatched portion shown in the image data 163 to “176” which is the missing pixel value. At this time, as with the image data 161, order information for all the pixels is generated for the pixel (2, 2) in the image data as shown in the image data. Then, a map of order information as indicated by reference numeral 164 is generated. When the generated map of the order information is confirmed, the order information in the hatched portion is “0”, which is the same map as compared with the order information map 162 described above. Thus, when the order information using Equation (3) can be expressed by binary values of “0” and “1”, an attack to change the pixel value of the boundary pixel value to the value of the missing pixel value is performed. Is possible.

  Therefore, in this embodiment, boundary information is calculated by the boundary information calculation unit, and the boundary information is sent to the verification side. By doing so, even when the boundary pixel value is changed to a missing pixel value, all of the boundary pixel values must be the same pixel value, so that the above-described problem can be detected. In the above, an example of the falsification method which can be countered by this invention was demonstrated.

  As described above, according to the present embodiment, the boundary information B (the number of boundary values and their position information) and the order information R are added to the verification data for the image data I generated by the image generation unit 210. Thereby, even when the image data I performs the image reproduction process, the verification process can be made successful. In particular, by adding the boundary information B to the verification data, it is possible to detect falsification against an attack that falsifies a pixel serving as a boundary value to a missing pixel value. This is because only a part of the boundary value cannot be changed by having information on the position of the value that becomes the boundary value.

  Incidentally, in the present invention, in addition to the effects described above, it is important to express the order information in binary. The attack method described above can be countered by expressing the order information as ternary values. However, if the amount of information is taken into consideration, the order information is expressed as binary values and the boundary information is added. It is possible to do.

  In the embodiment, a digital camera is taken as an example of the image input device 11. However, an image scanner may be used, and an information processing device with an imaging unit connected or accommodated may be used. Further, in the embodiment, the description has been made on the assumption that one pixel is one component and the component value is 8 bits. However, one pixel may be a plurality of components, and is expressed by the number of bits exceeding 8 bits. It can also be applied to This is because when one pixel is represented by a plurality of components, the above embodiment may be applied to each component.

(Other examples)
The present invention can also be realized by executing the following processing. That is, software (program) that realizes the functions of the above-described embodiments is supplied to a system or apparatus via a network or various storage media, and a computer (or CPU, MPU, or the like) of the system or apparatus reads the program. It is a process to be executed.

Claims (9)

An information processing apparatus for generating verification data for assuring the originality of image data from the image data,
Image input means for inputting image data to be guaranteed for originality;
Whether the pixel value that is different from the non-existent pixel value is less than or equal to a preset threshold value among the actual pixel values input in the image data input by the image input unit and has been detected successfully First generation means for generating, as first verification target information, information indicating whether or not, and information for specifying a position of a pixel having a pixel value that has been successfully detected when detection is successful;
Each time N pixels (N is an integer of 2 or more) are selected from the image data input by the image input unit according to a preset random number, the first to Nth pixels of the selected N pixels are selected. Second generation means for generating, as second verification target information, information specifying the magnitude relationship of each pixel value;
Verification data generation means for generating verification data of the image data input by the image input means using the first verification target information and the second verification target information;
An information output apparatus comprising: an image output unit that outputs the verification data generated by the verification data generation unit together with the image data input by the image input unit. The first generation means detects an existing pixel value having a difference of 1 from the non-existing pixel value;
The information processing apparatus according to claim 1, wherein the second generation unit selects two pixels from the image data according to the preset random number.   The information processing apparatus according to claim 1, wherein the image input unit is an imaging unit. A verification device that verifies the presence or absence of falsification of the image data based on image data and verification data generated by the information processing device according to claim 1,
Input means for inputting image data to be verified and verification data for the image data;
Among pixel values existing in the image data input by the input means, a pixel value whose difference from a non-existing pixel value is equal to or less than a preset threshold value is detected, and whether or not the detection has succeeded, In addition, when the detection is successful, a first determination is made as to whether or not the position of the pixel having the pixel value that has been successfully detected matches the first verification target information included in the verification data input by the input means. Determining means,
Each pixel of the first to Nth pixels among N pixels obtained by selecting N pixels (N is an integer of 2 or more) from the image data input by the input means according to a preset random number. Second determination means for determining whether or not the information for specifying the magnitude relationship between the values and the second verification target information included in the verification data input by the input means match;
When the determination results of both the first determination unit and the second determination unit indicate that they match, it is determined that the image data input by the input unit is not falsified, and the first determination unit And a verification unit that determines that the image data input by the input unit is falsified when the determination result of at least one of the second determination units indicates a mismatch. An information processing apparatus control method for generating verification data for guaranteeing originality of image data from the image data,
An image input step in which the image input means inputs image data to be guaranteed for originality;
The first generation means detects a pixel value whose difference from the non-existing pixel value is equal to or less than a preset threshold value among the actual pixel values input in the image data input by the image input step. First information that generates information indicating whether or not detection is successful, and information that specifies the position of a pixel having a pixel value that has been successfully detected as detection target information when detection is successful Generation process;
Each time the second generation unit selects N pixels (N is an integer of 2 or more) from the image data input in the image input step according to a preset random number, the second generation unit in the selected N pixels A second generation step of generating, as second verification target information, information that specifies the magnitude relationship between the pixel values of the first to Nth pixels;
A verification data generating unit that generates verification data of the image data input by the image input step using the first verification target information and the second verification target information; and
A method for controlling an information processing apparatus, comprising: an image output step in which image output means outputs the verification data generated in the verification data generation step together with the image data input in the image input step. A control method for a verification device that verifies the presence or absence of falsification of the image data based on image data and verification data generated by the information processing device according to claim 1,
An input step in which the input means inputs image data to be verified and verification data for the image data;
The first determination means detects a pixel value in which the difference from the non-existing pixel value is equal to or less than a preset threshold value among the existing pixel values in the image data input in the input step. And whether or not the position of the pixel having the pixel value that has been successfully detected matches the first verification target information included in the verification data input in the input step. A first determination step of determining whether or not;
The first through the N pixels obtained by the second determination unit selecting N pixels (N is an integer of 2 or more) from the image data input in the input step according to a preset random number. A second determination step of determining whether or not the information specifying the magnitude relationship between the pixel values of the Nth pixel matches the second verification target information included in the verification data input in the input step; ,
When the verification means indicates that the determination results of both the first determination step and the second determination step match, it is determined that the image data input in the input step is not falsified, and the second And a verification step for determining that the image data input in the input step is falsified when the determination result of at least one of the first determination step and the second determination step indicates a mismatch. Control method of verification device. As an information processing apparatus for generating verification data for guaranteeing the originality of image data input from the image input means by causing a computer having image input means for inputting image data to be read and executed A functioning program,
The computer,
Whether the pixel value that is different from the non-existent pixel value is less than or equal to a preset threshold value among the actual pixel values input in the image data input by the image input unit and has been detected successfully First generation means for generating, as first verification target information, information indicating whether or not and information for specifying a position of a pixel having a pixel value that has been successfully detected when detection is successful,
Each time N pixels (N is an integer of 2 or more) are selected from the image data input by the image input unit according to a preset random number, the first to Nth pixels of the selected N pixels are selected. Second generation means for generating, as second verification target information, information that specifies the magnitude relationship of each pixel value;
Verification data generation means for generating verification data of the image data input by the image input means using the first verification target information and the second verification target information;
A program for causing verification data generated by the verification data generation means to function as image output means for outputting together with the image data input by the image input means. The computer is generated by the information processing apparatus according to claim 1 by being read and executed by a computer having an input unit for inputting image data to be verified and verification data for the image data. A program that functions as a verification device that verifies the presence or absence of falsification of the image data based on image data and verification data,
The computer,
Among pixel values that are actually present in the image data input by the input means, detect a pixel value whose difference from a non-existent pixel value is equal to or less than a preset threshold value, and whether or not the detection is successful. In addition, when the detection is successful, a first determination is made as to whether or not the position of the pixel having the pixel value that has been successfully detected matches the first verification target information included in the verification data input by the input means. Determining means,
Each pixel of the first to Nth pixels among N pixels obtained by selecting N pixels (N is an integer of 2 or more) from the image data input by the input means according to a preset random number. Second determination means for determining whether or not the information for specifying the magnitude relationship between the values and the second verification target information included in the verification data input by the input means match;
When the determination results of both the first determination unit and the second determination unit indicate that they match, it is determined that the image data input by the input unit is not falsified, and the first determination unit And a program for causing the image data input by the input means to function as a verification means for determining that there is falsification when a determination result of at least one of the second determination means indicates a mismatch.   A computer-readable storage medium storing the program according to claim 7 or 8.

Images