JP2014119466A - Information protective portable camera system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a portable camera which can support sudden image acquisition while preventing confidential information from leaking out when a recording medium or a camera is lost, stolen, etc.SOLUTION: In a recording portable camera, only encrypted images can be stored, and captured images cannot be decrypted nor referred to even by a proper user who has captured the images. A decryption key is saved in an image decryption PC installed in a highly secured base, and only this PC can perform decryption of the encrypted images. Also, the recording portable camera has a mechanism for inhibiting unauthorized update of an encryption key.

Description

With the development of digital camera technology, image acquisition cameras have become portable, small and lightweight electronic devices, and are currently mounted on various electronic devices. At the same time, however, miniaturization of devices is increasingly used for criminal purposes such as privacy infringement by voyeurism and theft of confidential information. On the other hand, the ability to easily carry a portable camera is effective in situations where image acquisition is suddenly required even in places not covered by a fixed camera.

We think that it would be useful to have a portable camera that can handle sudden image acquisition while preventing unauthorized use.
For example, in an organization (laboratory, factory, plant, etc.) having confidential information, it is common to restrict camera entry and photographing in order to prevent leakage of confidential information. However, when a sudden event (accident, malfunction, breakage) occurs, there is no image at the time of the event, so it may take time to investigate the cause and confirm the fact, or lead to an incorrect conclusion. It is done. If an individual worker or monitor can carry a camera, the possibility of acquiring an image when an event occurs increases, which may be useful for later analysis.
In addition, it is considered useful for police officers and the like to carry a camera for recording images for investigating crimes and securing evidence. However, if it is not possible to prevent the acquired image from being used for other purposes, it may be a violation of the privacy of the general public and the police officer who owns the camera. I think it will remain.

An image acquired with a portable camera for recording must be encrypted and recorded / saved, so that it cannot be saved without encryption, and the image can be decrypted only with a personal computer terminal that can obtain an encryption key. To do.

FIG. 1 shows an outline of the camera system.
The portable camera for recording is carried by an operator or the like as needed, or is placed at a certain location so that it can be used when there is a need to acquire an image due to a sudden event or the like.

A maintenance management PC will be installed at the operation base of the recording portable camera, and the portable camera will be connected periodically so that the public key can be updated and the operation can be checked. If necessary, encrypted image data on the camera device (image data storage removable media) is acquired, and the data is provided to the image decryption PC having a secret key. The maintenance management PC may be the same PC as the key management PC or the image decryption PC as long as sufficient security is maintained.

Key information is generated and managed on a key management PC installed in a limited high security base. An encrypted image can be used only by an image decryption PC that stores a secret key managed by the PC. The key management PC and the image decryption PC may be the same PC.

The public key used for encryption can be updated in preparation for leakage of the private key. Only possible by a command (including new public key information) encrypted with a private key paired with a stored public key. This encryption command is created on the key management PC, and the command is input from the maintenance management PC connected by the camera management connection cable.

When the public key information in the recording portable camera is damaged or erased, the design needs to maintain the memory chip on the internal substrate in the manufacturing vendor. * Although there is no fundamental countermeasure against unauthorized rewriting of memory chips on the internal substrate, advanced knowledge and handling techniques for electronic devices are required for implementation. Those who have such technology are considered to be able to create a fake device, and such a possibility should be eliminated by performing a check in operation management.

The photographed image cannot be decrypted or referenced by the photographer. Even if the recording medium or the camera is lost, there is no risk of leakage of confidential information. Therefore, it can be used not only for the recording of sudden events but also for work recording in places where confidentiality is required.

An overall overview of the camera system is shown. The flow of in-camera encryption processing is shown. The flow of data processing in the image decoding PC terminal is shown. The flow of key generation and data distribution for updating the encryption key is shown. The flow of the update process of the public key in the camera using the maintenance management PC terminal is shown.

FIG. 2 shows the flow of in-camera encryption processing.
When starting the image acquisition, it is confirmed whether both the public key and the asymmetric key ID information indicating the ID of the secret key to be paired are stored in the camera internal flash memory. If it does not exist, the image acquisition process is not started.
A common key for image encryption is generated (1). This is because encryption of image data with a public key (asymmetric encryption method) increases processing load and makes real-time processing difficult, and therefore uses a common key encryption method as an auxiliary. The common key is newly generated every time image acquisition is started.
A new storage folder is created (2) on the encrypted image recording medium, and the common key (3) and asymmetric key ID (4) encrypted with the public key are stored.
Image data acquisition processing is started from the image data generation module (5), and the image data is stored (6) while being encrypted with the common key.
The asymmetric key ID, encrypted common key, and encrypted image data created in the new folder are treated as a set, and three files in this set are required for decryption.

FIG. 3 shows a flow of data processing in the image decoding PC terminal.
When decrypting an image, first, the information of the asymmetric key ID is referred to (1). Based on this information, an inquiry is made to the key management PC (2), the corresponding private key is obtained, and stored in the memory (3).
The encrypted common key is decrypted by using the secret key held in the memory (4).
The image data is decrypted using the decrypted common key (5).

FIG. 4 shows a flow of key generation and data distribution for updating the encryption key.
A new asymmetric key set is generated by the key management module of the key management PC terminal (1).
A new asymmetric key set is registered in the asymmetric key management DB (2).
The secret key of the current asymmetric key set is read from the asymmetric key management DB (3).
The new asymmetric key ID and the new public key are encrypted with the current secret key (4).
The maintenance management module of the maintenance management PC terminal accesses the key management PC terminal at startup or periodically to check whether update data has been created (5).
If there is new data, the information is stored locally (6).

FIG. 5 shows a flow of a process for updating the public key in the camera using the maintenance management PC terminal.
Connect the maintenance management PC and the portable recording camera with the camera management connection cable in advance.
The maintenance management module of the maintenance management PC adds the encrypted public key update data to the update command (1) and transmits it to the recording portable camera (2).
Upon receiving the update command, the encryption function module takes out the encrypted public key update data (3) and decrypts it with the public key currently stored in the built-in flash memory (4).
The asymmetric key ID and public key currently stored in the built-in flash memory are overwritten with the new asymmetric key ID and new public key obtained by decrypting (5).

Claims (3)

A portable camera system for information protection, which only allows encrypted image storage in a portable camera for recording. The portable camera system for information protection according to claim 1, wherein the encrypted image data is allowed only by an image decryption PC installed at a high security base. 2. The information protection-compatible portable camera system according to claim 1, wherein the encryption key can be updated only by a command created using a secret key to prevent unauthorized updating of the encryption key.

Images