JP5163727B2 - Signature management method, signature management system - Google Patents

Description

  The present invention relates to a signature management method and a signature management system, and in particular, streaming data such as moving images and audio, and streaming in which partial extraction (specifically, including change / extraction, sanitization, etc.) occurs. The present invention relates to a partial integrity guarantee system that can identify an extraction point from original data and can guarantee the validity of the extracted data and can be proved by a third party.

In recent years, surveillance cameras have been installed in stores, downtowns, apartment houses, etc., and drive recorders have been installed on business vehicles, and the number of cases in which moving images are handled as evidence is increasing. In addition, as a countermeasure against troubles in telephone transactions and support operations, it is becoming common knowledge to record conversations between customers and operators and maintain them as evidence.
Currently, video and audio / video files are provided as they are when using video and audio as evidence. However, if digitalization of image / sound storage progresses, tampering and editing will become easier, and if it is handled as evidence, third-party certification such as a signature or a time stamp is required. Services and products that record and record telephone operator voices with time stamps are currently being sold, and it is expected that the need for such technologies will increase in the future.

On the other hand, privacy protection against the use of captured images has become a problem for an increasing number of surveillance cameras and the like, and is being discussed by the Ministry of Internal Affairs and Communications.
In addition, due to the enforcement of the Personal Information Protection Law, etc., the use of personal privacy information is severely restricted, and if requested by the principal, disclosure or partial deletion is necessary.
In order to deal with such issues of both evidence and privacy protection, research on sanitized signature technology that guarantees the partial originality (integrity) of a part of an electronic document and keeps it confidential (inking) is progressing. Yes.

  In particular, Patent Document 1 discloses an electronic document sanitization signature technique (hereinafter referred to as PIAT) that solves a problem that a signature applied to a document cannot be verified by concealing a part of the document. ) Is disclosed. By applying this PIAT, it is possible to verify the signature even when the electronic document with the signature is painted, and third-party proof that there is no modification except for the painted (changed or added) portion It becomes possible to do.

Also, Japanese Patent Application No. 2007-12048, which aims to guarantee the originality of moving image / audio data, extract data that can be protected from the signature, and significantly reduce the amount of signature-related data. There are techniques as described.
Furthermore, as described in Japanese Patent Application No. 2007-326801, even if a part of the original stream data is cut out, the cut out stream data is prevented from being unplayable, and is part of the original stream data and is not modified. A technology that can prove to the three parties has also been devised.

International Publication WO2006 / 008847

However, in Patent Document 1, there is a problem that information related to a signature becomes very large when a part of large data (long-time video or audio) such as a moving image or audio is extracted.
Furthermore, in the technology of Japanese Patent Application No. 2007-12048 which solves this problem, attention is not paid to the format of the moving image / audio data. Therefore, even if a part of the original stream data is cut out, the cut-out stream data cannot be reproduced. It was difficult to prove to a third party that it was a part of the original stream data and that there was no modification while avoiding it.

  Further, in the technique of Japanese Patent Application No. 2007-326801 that solves this problem, a sequence is generated when a signature is generated for original stream data, when clipped stream data is saved, when a signature of clipped stream data is generated, and when signature verification of stream data is performed. Generates and verifies PIAT signature information including the sequence header by adding the contents of the latest sequence header to the beginning of the partial information (GOP) to which the header (the header that stores the sequence information of the entire streaming data) is not added Provides a means to However, the conventional patent document 1, Japanese Patent Application No. 2007-1248, and Japanese Patent Application No. 2007-326801 have problems in the management method of the signature related information that is the verification information. Specifically, since streaming data and signature related information are currently managed as separate files, it is necessary to associate streaming data with signature related information when managing and disclosing the file group. As a countermeasure, in some cases, it is necessary to prepare, manage, and operate an original server, which is costly.

  As a countermeasure, the above-mentioned problem can be solved by storing and integrating the signature related information in the sequence header of the streaming data. However, depending on the way of storing the streaming data depending on the storage method, simply storing it in the sequence header. There was a problem that decoding analysis (reproduction) could not be performed.

  Therefore, the present invention has been made to solve such problems, and an object of the present invention is to provide a signature management method and a signature management system capable of reducing management / disclosure costs.

  The signature management method is a signature management method for performing signature management for partial cutout of streaming data by a system including a signature generation server, an information extraction server, and a signature verification server connected via a network. Receiving the instruction from the user terminal, creating the first signature related information for the streaming data, the signature generation server including the sequence header of the streaming data, the stream header information necessary for reproducing the streaming data, and the user freely It is divided into user header information that can be stored, and a start code value indicating that the signature related information is stored is added to the end of the user header information, and the first signature related information storage location is indicated in the user header information Stores start code value and first signature related information in order And a user in which the signature generation server stores the start code value indicating that the signature related information is stored, the start code value indicating the first signature related information storage location, and the first signature related information. Transmitting streaming data to which the sequence header including header information is added to the information extraction server; and receiving the streaming data transmitted from the signature generation server and storing the streaming data in the first document management database. The information extraction server receives the instruction from the extractor terminal, and based on the instruction, extracts the streaming data to which the sequence header including the user header information is added from the first document management database, and transmits the streaming data to the extractor terminal. Step and streaming sent from the extractor terminal by the information extraction server Receiving the partial data obtained by cutting out a part of the data, creating the second signature related information for the partial data, and the information extraction server as a sequence header of the partial data Generating, after the first signature related information in the user header information, an additional storage of a start code value indicating the storage location of the second signature related information and the second signature related information, and information; The extraction server stores a start code value indicating that the signature related information is stored, a start code value indicating the first signature related information storage location, the first signature related information, and the second signature related information storage location. The partial data to which the sequence header including the user header information in which the start code value and the second signature related information are stored is added. Transmitting to the name verification server, the signature verification server receiving the partial data transmitted by the information extraction server and storing it in the second document management database, and the signature verification server receiving an instruction from the verifier terminal For the partial data stored in the second document management database, a start code value indicating that the signature related information is stored, a start code value indicating the first signature related information storage position, and the second signature Performing verification based on the first signature related information and the second signature related information extracted based on the start code value indicating the storage position of the related information, and transmitting the verification result to the verifier terminal. To do.

  According to the present invention, since the signature related information is stored in the user header information of the sequence header so that the start code does not appear, the management / disclosure cost can be reduced while enabling the decoding analysis of the streaming data.

It is a system configuration figure of an information extraction certification system in an embodiment of the invention. It is a block diagram of the certification authority server in the embodiment. It is a block diagram of the signature production | generation server in embodiment. It is a block diagram of the information extraction server in embodiment. It is a block diagram of the signature verification server in an embodiment. It is the flowchart which showed the registration process of the public key between the transmission apparatus and certification | authentication authority server in embodiment. 6 is a flowchart illustrating a process for transmitting and receiving information with a digital signature and a process for verifying a receiving apparatus in the embodiment. It is the figure which showed the outline | summary of the algorithm of PIAT. It is the figure which showed an example of the image type of MPEG1, and its arrangement | sequence. It is the figure which showed an example of the video frame structure of MPEG1 in embodiment. It is the figure which showed the structure of the sequence header. It is the flowchart which showed the signature production | generation process in embodiment. It is the flowchart which showed the signature production | generation process in embodiment. It is the flowchart which showed the information extraction process in embodiment. It is the flowchart which showed the information extraction process in embodiment. It is the flowchart which showed the signature verification process in embodiment. It is the figure which showed the signature production | generation method of the original moving image information in embodiment. It is the figure which showed an example of the frame structure when the sequence header in embodiment is not added. It is the figure which showed the content of the signer's PIAT signature information in embodiment. It is the figure which showed the structure of the sequence header after storing PIAT signature information of the original moving image information in the embodiment. It is the figure which showed the signature production | generation method of the original moving image information in the modification of embodiment. It is the figure which showed extraction operation | movement of the original moving image information in embodiment. It is the figure which showed the production | generation method of the cutout moving image information in embodiment. It is the figure which showed the signature production | generation method of the cut-out moving image information in embodiment. It is the figure which showed the content of the extractor's PIAT signature information in embodiment. It is the figure which showed the structure of the sequence header after PIAT signature information of cut-out moving image information in embodiment was stored. It is the figure which showed the signature production | generation method of the cut-out moving image information in the modification of embodiment. It is the figure which showed the selection screen of the moving image information of verification object in embodiment. It is the figure which showed the signature verification method of the cut-out moving image information in embodiment. It is the figure which showed the signature verification method of the cut-out moving image information in the modification of embodiment. It is the figure which showed the signature verification result of the cut-out moving image information in embodiment.

Embodiments of the present invention will be described below with reference to the accompanying drawings.
First, the configuration of the information extraction certification system in the present embodiment will be described with reference to FIG.
In FIG. 1, 1 is a network. However, 1 includes all communication line networks such as the Internet, an intranet, and a wide area network. Reference numeral 2 denotes a server of a certification authority that manages electronic signature information. As is well known, an electronic signature is obtained by sending signature information, signature target information, and public key certificate obtained by encrypting information that is a summary of the signature target information (message digest) with the sender's private key to the other party. After confirming the validity of the public key certificate, the encrypted signature information is decrypted with the public key included in the public key certificate and compared with the summary information obtained from the signature target information. This is a technique for determining whether or not transmission is from a legitimate partner based on whether or not the comparison results are the same (details will be described later).

  In this technology, since it is necessary to guarantee the validity of the certificate, it is common to install a certification authority server 2 that stores the public keys of the signer and extractor as in this embodiment. is there. As shown in FIG. 2, the certification authority server 2 includes a public key DB 21 that stores the public keys of the signer and extractor, a certificate issuing unit 22 that issues a public key certificate in response to a request, a public key certificate And a certificate verification unit 23 for performing verification of the above and a communication unit 24 for performing communication via the network 1.

Reference numeral 3 denotes a signature generation server that is processed by the signer. As shown in FIG. 3, the signature generation server 3 includes a document management DB 31 for storing information transmitted to the information extraction server 5 described later, a document management TB 32 for controlling access to the document management DB 31, and a signature for the information. A signature generation unit 33 for adding the PIAT signature information of the person and the electronic signature, and a communication unit 34 for performing communication via the network 1.
Reference numeral 4 denotes a terminal for the signer to operate the signature generation server 3. The signer terminal 4 can communicate with the signature generation server 3.

Reference numeral 5 denotes an information extraction server. As shown in FIG. 4, the information extraction server 5 stores the information sent from the signature generation server 3 and stores the information sent to the signature verification server 7 (to be described later) into the document management DB 51 and the document management DB 51. A document management TB 52 for performing access control, a signature generation unit 53 for adding an extractor's PIAT signature information and an electronic signature to the information, a signature verification unit 54 for verifying an electronic signature attached to the transmitted information, and Communication means 55 for performing communication via a network is provided.
Reference numeral 6 denotes a terminal for an extractor to operate the information extraction server 5. The extractor terminal 6 can communicate with the information extraction server 5.

7 is a signature verification server. As shown in FIG. 5, the signature verification server 7 includes a document management DB 71 for accumulating information sent from the information extraction server 5, a document management TB 72 for controlling access to the document management DB 71, and the sent information. It has a signature verification unit 73 for verifying an attached electronic signature and PIAT signature information, and a communication means 74 for performing communication via a network.
Reference numeral 8 denotes a terminal for the verifier to operate the signature verification server 7. The verifier terminal 8 can communicate with the signature verification server 7.
The signature generation unit 33 of the signature generation server 3 and the signature generation unit 53 of the information extraction server 5 constitute a signature related information generation unit and a signature related information storage unit of the present invention.

The processing operation of the system configured as described above will be described below.
First, the electronic signature process will be described.
In the electronic signature, the sender generates a key pair (private key and public key) in advance, sends the public key to the certification authority server 2 and issues a public key certificate. Store the private key and public key certificate. When information is transmitted from the transmission device, first, summary information (message digest) of signature target information is generated, and the summary information encrypted with the sender's private key is used as signature information. Subsequently, the signature target information, the signature information, and the sender's public key certificate are transmitted to the other party, and the other party (recipient) who received the information receives the sender's public key acquired from the certification authority server 2 The validity of the certificate is verified, and if it is valid, the signature information is decrypted with this public key. Subsequently, a summary of the information to be signed is generated, and if it is the same as the decrypted information, it can be proved that it is truly transmitted from the sender and has not been altered.
The summary information here is information (hash information) calculated using a cryptographic one-way hash function for the signature target information, and means that the size of the signature target information can be compressed. It is also said. In addition, the hash information generated by the cryptographic one-way hash function is the only information that can be generated only from the signature target information, and the original information cannot be restored from the generated hash information. Has characteristics. For this reason, it is often used for information encryption and digital signature generation. This cryptographic one-way hash function includes algorithms such as MD5, SHA-1, and SHA-256. Information about which algorithm is used to generate summary information (hash information) for the information (hash information generation algorithm) is described in the public key certificate.

A detailed procedure for generating an electronic signature will be described below.
First, registration of a public key between the transmission device and the certification authority server 2 will be described with reference to the flowchart of FIG.
In the system of FIG. 1, the signature generation server 3 and the information extraction server 5 are electronic signature transmission apparatuses.
First, the sender generates a key pair (secret key and public key) (S1001). Subsequently, when the sender operates the transmitting apparatus and inputs the certificate issuance request information (S1002), the transmitting apparatus sends the input certificate issuance request information to the certification authority server 2 together with the public key. Transmit (S1003).

The certificate issuing unit 22 of the certification authority server 2 that has received this information by the communication means 24 (S1004) generates a public key certificate including the public key (S1005), and generates the public key certificate generated in the public key DB 21. Are accumulated (S1006).
Thereafter, the certificate issuing unit 22 controls the communication unit 24 to transmit the issued public key certificate to the transmitting apparatus that has transmitted the certificate issuance request information via the network 1 (S1007).
The transmitting apparatus that has received this information (S1008) stores the private key generated in S1001 and the public key certificate issued from the certification authority server 2 (in the signature generation unit 33 of the signature generation server 3). The storage area is stored in the storage area in the signature generation unit 53 of the information extraction server 5 (S1009), and the process is completed.

Next, transmission / reception processing of information with an electronic signature and verification processing of the receiving device will be described using the flowchart of FIG.
First, when the sender inputs an electronic signature for certain signature target information and inputs a transmission instruction to the reception device (S2001), the transmission device stores the signature target information indicated by the private key stored in the storage area. The summary information (hash information) is encrypted (S2002) and transmitted together with the stored public key certificate to the receiving device (S2003).

  The receiving apparatus that has received the information (S2004) first transmits the public key certificate to the certification authority server 2 in order to confirm the expiration date and revocation information of the transmitted public key certificate (S2004). S2005). Here, it is assumed that the certification authority server 2 supports a series of functions for certificate issuance and certificate verification. Next, the certification authority server 2 verifies the validity of the received public key certificate (S2006), and transmits the verification result to the receiving device (S2007). The receiving apparatus that has received the validity verification result (S2008) checks whether the public key certificate is valid (S2009). If the validity can be confirmed, first, the sender's public key acquired from the transmitting apparatus is obtained. With reference to the hash information generation algorithm included in the certificate, hash information is generated from the signature target information received from the transmission device (S2010). Subsequently, the signature information received from the transmission device is decrypted using the public key included in the public key certificate (S2011). The receiving apparatus compares the hash information generated in S2010 with the information obtained by the decryption process in S2011, and determines whether or not they are the same (S2012). If it can be confirmed by this determination that the information is the same as the information sent from the transmission device (sender) and it can be proved that there is no alteration (S2013), the information is stored (S2014).

  On the other hand, if the hash information and the information obtained by the decryption process are different from each other, it is determined that the information cannot be proved to be from the transmission device (sender) (or has been altered during communication) ( In S2015, notification processing such as displaying that the operator of the receiving apparatus could not be proved is performed (S2016). Similarly, when the validity of the public key certificate cannot be confirmed in the process of S2009, it can be determined that the certificate cannot be proved to be from the transmitting device (sender) (S2015), and can be proved to the operator of the receiving device. Notification processing, such as displaying that there was no, is performed (S2016).

Here, an outline of the PIAT algorithm will be described with reference to FIG.
The signer divides the data to be signed into partial data, calculates hash information of each partial data, and creates a hash information set. Thereafter, the signer's electronic signature is applied to the created hash information set, and the hash information set and the electronic signature are combined to form PIAT signature information.
The extractor extracts partial data from the data to which the signer has applied the PIAT signature information (erase other partial data). Thereafter, the same operation as that of the signer is performed to create PIAT signature information of the extractor.

  The verifier first verifies the integrity of the hash information set from the signer and extractor's PIAT signature information. Next, a hash information set is created from the disclosed partial data, and it is verified that it is the same as the hash information set included in the extractor's PIAT signature information. Finally, by comparing the hash information sets of the signer and the extractor, it can be seen that the portion having the same hash information is the extraction position from the original data. If the hash information of the extracted data is not included in the hash information of the signer's PIAT signature information, the partial data is falsified.

Subsequently, the streaming information targeted in this embodiment will be described and defined. As typical moving image formats, there are MPEG1 / 2/4 and audio formats such as MP3 (MPEG1, Audio, Layer-3), WAV, and the like. In this embodiment, MPEG1 will be described as an object.
There are various MPEG1 formats, but here we consider application to moving images with relatively monotonous video, and for simplicity, MPEG1 Video frames from which the audio portion has been removed are targeted, and CBR ( Consideration of application to ES (Elementary Stream: Elementary Stream) that handles only Constant-Bit-Rate (Constant Bit Rate) system and MPEG1-encoded images. Hereinafter, the target format is simply described as MPEG1.

  MPEG1 is a moving image coding technique standardized by ISO / IEC 11172-2. A moving image is realized by displaying a still image at a relatively high speed. For example, on television, about 30 images are displayed per second, and the number of images displayed every second is called a frame rate. In the moving image encoding technique, in order to reduce the amount of data, (still) image compression by encoding and compression by inter-frame predictive encoding are performed. MPEG1 employs DCT technology for still image compression and bidirectional prediction technology for inter-frame prediction. There are three types of still image holding methods in MPEG1 for bidirectional prediction. FIG. 9 shows an example of MPEG1 image types and their arrangement.

  The I frame compresses and holds all image data necessary for display. The P frame is called an inter-frame prediction image, and an image of the most recently decoded I frame or P frame is used as a reference image, and only a value such as a difference therefrom is held. The B frame holds the difference value and the like of the latest decoded past and past I and P frames as reference images. In the P frame and the B frame, the redundancy in the time direction is eliminated by taking the difference between the previous and subsequent images, and high data compression is realized. In MPEG1, as shown in FIG. 9, several images are grouped to form a minimum unit of moving image called GOP (Group of Pictures). The GOP can be independently reproduced in the unit, and is a structure for reproducing or editing a moving image from the middle.

  FIG. 10 shows an example of the frame structure of MPEG1. An MPEG1 Video frame includes a sequence header (hereinafter referred to as SH), a GOP header (hereinafter referred to as GH), a picture header (hereinafter referred to as PH), picture data (layer data below PH, PD and description). In particular, SH records parameters common to the entire video sequence, such as information representing the size of an image, the number of frames to be encoded per second, and communication speed information. Further, FIG. 11 shows the structure of SH. SH is an area necessary for reproduction or decoding of streaming data (hereinafter referred to as stream header information) indicated by SH-G in FIG. 11, and a user freely stores information indicated by SH-U in FIG. It is divided into areas (hereinafter referred to as user header information and explanation). Even if this user header information is not included in SH, streaming data can be reproduced and decoded if there is stream header information. In addition, a 3-byte start code prefix (STARTCODEPRIFIX) in which “0x000001” is recorded, and a 1-byte start code value (STARTCODEVALUE) in which “B3”, “B2”, “B7”, etc. are recorded are also stored. A combination of STARTCODEPRIFIX and STARTCODEVALUE is called a 4-byte start code (STARTCODE, “0x000001XX”).

  The role of this start code will be described below. The start code is determined by the standard so that the streaming data can be correctly analyzed and decoded (reproduced). Specifically, it shows what syntax is used for encoding, and the decoder analyzes the streaming data based on this start code. It is defined that the bit string “0x000001XX” should not appear in the bit string other than as a start code, and the decoder can start decoding by finding the normal “0x000001XX”. Conversely, if there is no start code, it cannot be determined where the stream is divided, and since it cannot be determined based on which syntax the bit string being referred to is encoded, decoding cannot be performed. .

  Next, PIAT application to MPEG1 by the system according to the present embodiment will be described with reference to the flowcharts of FIGS. In the present embodiment, three operators, a signer, an extractor, and a verifier, appear. It consists of a signer who signs the target original moving picture information, an extractor who extracts the original moving picture information, and a verifier who verifies the disclosed cutout moving picture information.

The following conditions are set for the signer, extractor, and verifier. The signer guarantees the content of the original moving image information to be signed by signing. It is necessary to sign under the condition that it is not known which part of the target original moving picture information is extracted. The extractor partially extracts data from the original moving image information signed by the signer, and discloses the extracted moving image information to the verifier. There are two types of extraction methods: disclosed extraction of the extractor at the same time and revealing who performed the extraction process, and anonymous extraction where the extractor performs the extraction process anonymously.
In the present embodiment, the description will be made on the assumption that the distinguished name is extracted. The verifier verifies whether or not the disclosed cut-out moving picture information is guaranteed by the signer. The disclosed cut-out moving image information is a part of the original moving image information signed by the signer, and verifies that the extraction is performed by the extractor. As for the electronic signature processing, each device performs the above-described electronic signature procedure.

  As shown in FIG. 12, the signer first creates original moving image information to be signed using the signer terminal 4 (S3001). When the creation of the original moving image information is completed, the created original moving image information is transmitted to the signature generation server 3 (S3002). When the signature generation server 3 receives the original moving image information (S3003), it first starts from dividing the original moving image information into partial information. When MPEG1 data is divided into partial data so that extraction is possible, there is no independence of PD units due to the use of inter-frame prediction technology, and extraction may be limited. Therefore, in the present invention, in the frame configuration as shown in FIG. 10, 1 GOP (MPEG1 partial data) starts with the head of SH and immediately before the start of the next SH (or the next GH if no SH exists). ), And for the sake of simplicity, the division into partial data is set as a GOP unit.

  Furthermore, in the case of a moving image having a long recording time or a moving image having a high frame rate (a large number of frames or GOPs), it is conceivable that the data amount of the hash information set included in the PIAT signature information increases. As a countermeasure against this, for example, by using an invention such as the above-mentioned Japanese Patent Application No. 2007-12048, it is possible to reduce the amount of signature-related data. Based on the above, the PIAT algorithm is applied. Note that, for the purpose of extracting moving image data, the present embodiment is premised on cutting out a moving image of one continuous portion of all data.

  The signature generation unit 33 generates PIAT signature information for the original moving image information (S3004). FIG. 17 shows the state of the generation method. When generating PIAT signature information for original moving image information, the method of generating PIAT signature information differs depending on whether user header information (SH-U) in SH is also subject to originality guarantee. FIG. 17 shows a case where user header information is not subject to originality assurance, but stream header information (SH-G) is subject to originality assurance. Moreover, E of FIG. 17 has shown the information which the other user already stored after producing | generating original moving image information.

  Specifically, first, the original moving image information is divided by partial information (GOP), and hash information of each GOP is calculated. At this time, since the PIAT signature information of the original moving image information is verification information for confirming that the verifier is a part of the original moving image information and has not been altered, the route included in the PIAT signature information of the original moving image information The hash information needs to be generated in a state where only the stream header information excluding the user header information is added to all GOPs. For this reason, for example, in the case of a frame configuration as shown in FIG. 18, it is not known at the time of signature of the original moving image information at which position it is cut out, so the contents of the latest stream header information are added to the GOP to which no stream header information is added. To generate hash information including the stream header information. At this time, hash information is generated including the SH as it is in the GOP to which SH has already been assigned. However, these SH assignments are not recorded in the original moving image information entity, but are only given on a storage area (memory or the like) when generating hash information. Furthermore, using this collection of hash information, one root hash information is created by using a technique (hereinafter referred to as a binary tree technique) for managing hash information, which is well-known in a cryptographic system, using a binary tree. Thereafter, an electronic signature of the signer is created for the created root hash information, and the root hash information and the electronic signature are combined into the signer's PIAT signature information.

  When the generation of the signer's PIAT signature information is completed in this way, the PIAT signature information is subsequently stored in the SH-U of the original moving image information (S3005). FIG. 13 shows a flowchart of the storage method. First, a start code is added to the end of the user header information (S3005 / 01). Subsequently, a PIAT signature information start code value indicating that the signer's PIAT signature information is stored is added (S3005 / 02). At this time, it is necessary to add a unique start code value that is not duplicated so as to be surely distinguishable from other user header information (E) already stored. Furthermore, as described above, if the start code (“0x000001XX”) is included in the PIAT signature information, a sequence error may occur during decoding (reproduction) of the original moving image information due to misrecognition. For example, the start code prefix (“0x000001”) must always include a start code value (“B3”, “B2”, “B7”, etc.) indicating some start, and the PIAT signature information includes: For example, when a value such as “0x000001FF” appears, a sequence error is caused during decoding (reproduction). In order to avoid such a situation, it is necessary to take measures to prevent the start code from appearing in the PIAT signature information.

  As an example of measures to avoid this, after generating PIAT signature information, a value other than “0x00” (such as “0xAA”, etc.) after PIAT signature information is generated so that the start code (“0x000001XX”) does not appear in the PIAT signature information. A method of embedding values and description) is conceivable (S3005 / 03). At this time, even if no start code appears in the PIAT signature information, a method of automatically embedding the PIAT embedded code value and whether or not the start code appears in the PIAT signature information is determined in advance, and if necessary There are two possible methods of embedding the PIAT embedding code value. However, in the latter case, it is necessary to determine and embed a code value of a tag or the like indicating where it is embedded, by determining a value different from the PIAT embedded code value, or to manage it separately. In the former case, the amount of PIAT signature information increases (doubled by simple calculation), but using an invention such as Japanese Patent Application No. 2007-1248 reduces the amount of signature-related data. Can be planned. The PIAT embedded code value is preferably stored, for example, after completion of PIAT signature information generation (after the signer's electronic signature is added). Also, in this case, when the PIAT signature information is extracted and used, for example, at the time of signature verification, it is desirable that the PIAT embedded code value be excluded. This will be described in the signature verification process described later.

  FIG. 19 shows the contents of the signer's PIAT signature information to which the former method of automatically embedding the PIAT embedding code value is applied. The upper level (PIAT11) indicates PIAT signature information before storing the PIAT embedded code value, and the lower level (PIAT12) indicates PIAT signature information storing the PIAT embedded code value. In this embodiment, route hash information is recorded as verification information for the original moving image information. In creating the root hash information, MD5 is used as a cryptographic one-way hash function, and the state of recording with a capacity of 16 bytes is shown (HASH11). SIGN 11 indicates the signer's electronic signature for the verification information (HASH 11). HASH11 and SIGN11 are combined into the signer's PIAT signature information (PIAT11). This HASH11 and SIGN11 need to be tagged in order to be able to identify them afterwards.

Both HASH11 and SIGN11 show examples in which a start code (XSTARTCODE) has appeared, and the PIAT signature information in the lower row (PIAT12) avoids a sequence error during decoding (reproduction) as shown by HASH12 and SIGN12. The PIAT embedding code value (PIATINSERTCODEVALUE, “0xAA”) is stored every other byte. The PIAT 12 is a signer's PIAT signature information in which a PIAT embedded code value is stored.
In this embodiment, the verification information (HASH12) for the original moving image information and the digital signature (SIGN12) of the signer are integrated and recorded as PIAT signature information (PIAT12). There may be a form in which the information and the digital signature of the signer are recorded and managed separately. However, in this case, the verification information for the original moving image information and the digital signature of the signer are a pair, but it is necessary to be able to confirm them after the fact.

When the addition of the PIAT embedded code value in S3005 / 03 is completed, the PIAT signature information for the original moving image information is stored in the user header information (S3005 / 04).
STOREPIAT1 in FIG. 17 shows the storage state. P1H indicates the PIAT signature information start code value indicating that the signer's PIAT signature information is stored from here, and P1D indicates the entity of the signer's PIAT signature information. Each of them is stored as shown in FIG.

FIG. 20 shows the SH structure in which the PIAT signature information of the original moving image information is stored. From the state of FIG. 11, a start code for storing PIAT signature information indicating user header information is added, and subsequently PIAT signature information indicating that PIAT signature information of the original moving image information is stored from here. A state is shown in which a start code value (PIATSTARTCODEVALUE) is added, and finally, an entity of PIAT signature information (PIAT12) of original moving image information storing a PIAT embedded code value is added.
FIG. 17 shows the case where the user header information is not subject to originality assurance and the stream header information (SH-G) is subject to originality guarantee. In this case, the same method is used. FIG. 21 shows the state of the processing.

When the generation of the PIAT signature information of the original moving image information and the storage in the SH are completed, the original moving image information with the signer's PIAT signature information is accumulated in the document management DB 31 via the document management TB 32 in the signature generation server 3 (S3006). ). Subsequently, the signature generation server 3 transmits the original moving image information with the PIAT signature information of the signer to the information extraction server 5 via the communication unit 34 (S3007). The information extraction server 5 receives the original moving picture information with the signer's PIAT signature information via the communication means 55 (S3008), and the original with the signer's PIAT signature information via the document management TB 52 in the information extraction server 5 The moving image information is stored in the document management DB 51 (S3009).
Next, the extractor receives a notification of completion of creation of the original moving image information from the signer through some transmission means, and starts the extraction process of the original moving image information. This action is performed, for example, when a required information is extracted and disclosed when a certain third party is requested to disclose the original moving image information. Specifically, since privacy information is included in a part of the original moving image information, a scene in which a part of the original moving image information is cut out can be considered.

  As illustrated in FIG. 14, the extractor uses the extractor terminal 6 to transmit an instruction to extract the original moving image information to be cut out to the information extraction server 5 (S4001). The information extraction server 5 receives an instruction to extract the original moving image information to be cut out (S4002). The original moving image information with the signer's PIAT signature information stored in the document management DB 51 is extracted via the document management TB 52 in the information extraction server 5 (S4003), and the original moving image is extracted via the signature verification unit 54. The electronic signature added to the PIAT signature information stored in the user header information of the information is verified (S4004). Here, in order to access the signer's PIAT signature information, as described above, the start code (STARTCODE) in FIG. 20 is detected, and the PIAT signature information start code value (PIATSTARTCODEVALUE recorded in the area next to STARTCODE is detected. ) Thus, when it is confirmed that the signer's PIAT signature information is stored, the entity (PIAT12) of the PIAT signature information stored thereafter can be accessed. The end of the PIAT signature information is until the next start code, that is, in the case of this embodiment, immediately before the start code (“0x000001B7”) indicating the end of SH appears.

  When the signer's PIAT signature information can be extracted (PIAT 12 in FIG. 19), processing for removing the PIAT embedded code value is subsequently performed. In the case of the present embodiment, the PIAT embedding code value (“0xAA”) is stored every other byte in both HASH12 and SIGN12. For this reason, at the time of electronic signature verification, verification processing must be performed using information excluding the PIAT embedded code value. If the electronic signature verification fails (S4005: NO), the extractor is notified that some kind of modification has occurred (S4099). When the electronic signature verification is successful (S4005: YES), the original moving image information is transmitted to the extractor terminal 6 (S4006). When the original moving image information is received by the extractor terminal 6 (S4007), the original moving image information is displayed on the display device equipped in the extractor terminal 6. Subsequently, the extractor extracts a necessary part from the original moving image information and creates cut-out moving image information (S4008). FIG. 22 shows an example of the extraction operation of the original moving image information by the extractor. The extractor can visually cut out by designating a necessary cutout range while playing back the cutout moving picture information with the play button (PREVIEW). As a cutting method, first, a seek bar (SEEKBAR) is used, a start button (STARTSET) is pressed at an arbitrary position, and a cutting start position is set. Subsequently, similarly, a seek bar (SEEKBAR) is used, an end button (ENDSET) is pressed at an arbitrary place, and a cutout end position is set. By this operation, the cutout range (CUTAREA) is determined, so the cutout moving picture information generation menu is selected to create cutout moving picture information.

In the frame configuration example of MPEG1 shown in FIG. 10, SH is added to the head of all GOPs, but SH does not necessarily need to be added for each GOP, so when viewed in GOP units, the head GOP (GH1 ) To which SH is added, and there is a frame configuration in which SH is not added to subsequent GOPs (FIG. 18).
When the GOP starts from SH, it can be recognized as the start of GOP by detecting SH. Furthermore, even if SH is not added to GOP and starts from GH, it can be recognized that GOP is started by detecting GH. However, when partial cutout for privacy protection is taken into consideration, there is still a problem in application to MPEG1 having a frame configuration as shown in FIG. That is, in the case of the frame configuration as shown in FIG. 18, if the video is cut out at any of GH2, GH3, and GH4, the cut out moving image may be unplayable. This occurs because there is an MPEG1 standard rule that SH must be included in the first GOP (GH1) of the streaming data in order to guarantee the reproduction operation.

In order to avoid a state in which the cut-out moving image cannot be reproduced, the following measures are taken.
First, as shown in FIG. 23, the contents of the most recent SH are given to a GOP to which SH is not added, and cut-out moving picture information is generated in a form including SH. At this time, the entire information (other user information (E) and the signer's PIAT signature information) stored in the user header information of the original moving image information is added and inherited as the SH information of the cut out moving image information. The added SH is added to the body of the cut-out moving image information to avoid the inability to reproduce. FIG. 23 shows an example in which GOP3 is cut out to GOP4. However, if SH is added to the top GOP, the cut-out moving image information can be reproduced. Therefore, it is not always necessary to add SH to GOP4 in order to reduce the data amount of cut-out moving image information.

  When the creation of the cutout moving image information is completed, the generated cutout moving image information is transmitted to the information extraction server 5 (S4009). When the cutout moving image information is received (S4010), the signature generation unit 53 in the information extraction server 5 generates PIAT signature information for the cutout moving image information. FIG. 24 shows the state of the generation method. When generating PIAT signature information for cut-out moving image information, as in the case of generating PIAT signature information of original moving image information, by determining whether user header information (SH-U) in SH is also subject to originality guarantee, The method of generating PIAT signature information is different. This generation method is determined depending on the originality guarantee target when the PIAT signature information of the original moving image information is generated. FIG. 24 shows a case where user header information is not subject to originality assurance, and stream header information (SH-G) is subject to originality assurance.

  Specifically, a plurality of root hash information (hereinafter referred to as an erase root hash information list) consisting only of GOPs to be erased by extraction is created. At this time, as in the case of generating PIAT signature information for the original moving image information, the contents of the most recent SH are added to the GOP in which SH is not added to the erased portion, and an erase route hash information list including SH is generated. To do. Further, an electronic signature of the extractor is created for the created erase root hash information list, and the erase root hash information list and the electronic signature are combined to obtain the extractor's PIAT signature information (S4011). When the generation of the extractor's PIAT signature information is completed, the PIAT signature information is stored in the SH-U of the cut-out moving picture information (S4012).

  FIG. 15 shows a flowchart of the storage method. First, a start code is added to the end of the user header information (S4012 / 01). Subsequently, a PIAT signature information start code value indicating that the extractor's PIAT signature information is stored is added (S4012 / 02). At this time, it is necessary to add a unique start code value that is not duplicated so that it can be reliably identified from other stored user header information (E) and the signer's PIAT signature information. Furthermore, as described above, if the start code (“0x000001XX”) is included in the PIAT signature information, a sequence error may occur during decoding (playback) of the cutout moving image information due to misrecognition. For example, the start code prefix (“0x000001”) must always include a start code value (“B3”, “B2”, “B7”, etc.) indicating some start, and the PIAT signature information includes: When a value such as “0x000001FF” appears, a sequence error is caused during decoding (reproduction). In order to avoid such a situation, it is necessary to take measures to prevent the start code from appearing in the PIAT signature information. An example of the avoidance measure is handled by storing the PIAT embedded code value (“0xAA”) as described above (S4012 / 03). The PIAT embedded code value is preferably stored, for example, after the PIAT signature information generation is completed (after the extractor's electronic signature is added).

  FIG. 25 shows the contents of the extractor's PIAT signature information. The upper level (PIAT21) indicates PIAT signature information before storing the PIAT embedded code value, and the lower level (PIAT22) indicates PIAT signature information storing the PIAT embedded code value. In the present embodiment, as verification information for cut-out moving picture information, first, the total number of GOPs (MAXGOPCNT) of the original original moving picture information, followed by the GOP number (STARTGOPNUM) of the cut-out start position, and the number of cut-out GOPs (CUTGOPCNT), and finally, an erasure route hash information list (HASHLIST) is recorded in order (HASH21). SIGN 21 indicates the extractor's electronic signature for the verification information. HASH21 and SIGN21 are combined into the extractor's PIAT signature information (PIAT21). The HASH 21 and SIGN 21 need to be tagged so that they can be identified afterwards.

  Both HASH21 and SIGN21 show an example in which a start code (XSTARTCODE) has appeared, and the PIAT signature information in the lower row (PIAT22) avoids a sequence error during decoding (playback) as shown by HASH22 and SIGN22. The PIAT embedding code value (PIATINSERTCODEVALUE, “0xAA”) is stored every other byte. The PIAT 22 becomes the extractor's PIAT signature information in which the PIAT embedded code value is stored.

  In this embodiment, the verification information (HASH22) for the cut-out moving picture information and the electronic signature (SIGN22) of the extractor are recorded integrally as PIAT signature information (PIAT22). There may be a form in which information and electronic signature are recorded and managed separately. However, in this case, the verification information for the cut-out moving picture information and the extractor's electronic signature are a pair, but it is necessary to be able to confirm them after the fact.

When the addition of the PIAT embedded code value in S4012 / 03 is completed, the PIAT signature information for the cut-out moving image information is subsequently stored in the user header information (S4012 / 04).
STOREPIAT2 in FIG. 24 shows the storage state. P2H indicates the PIAT signature information start code value indicating that the extractor's PIAT signature information is stored from here, and P2D indicates the entity of the extractor's PIAT signature information. Each of them is stored as shown in FIG. At this time, the other user information (E) stored previously and the signer's PIAT signature information are added and recorded, and version management is performed.

FIG. 26 shows the SH structure in which the PIAT signature information of the cut-out moving picture information is stored. From the state in which the PIAT signature information of the original moving image information shown in FIG. 20 is stored, a start code for storing the PIAT signature information indicating the user header information is added, and then the PIAT signature information of the cut-out moving image is here. PIAT signature information start code value (PIATSTARTCODEVALUE) indicating that the data is stored from the end, and finally, the entity of the PIAT signature information (PIAT22) of the clipped moving image information storing the PIAT embedded code value is added. It shows how it is.
FIG. 24 shows the case where the user header information is not subject to originality assurance and the stream header information (SH-G) is subject to originality guarantee. In this case, the same method is used. FIG. 27 shows the state of the processing.

  Furthermore, as another embodiment, from the state where the PIAT signature information of the original moving image information shown in FIG. 20 is stored, before storing the PIAT signature information of the clipped moving image information, new other user information (E2) is stored. There may be a form in which the actual date / time information that is created and cut out is stored, for example. It is conceivable that this E2 is stored as additional information for the cut-out moving picture information in the same manner as the PIAT signature information of the cut-out moving picture information, and of course it is assumed that the start code is correctly added and stored. Become.

  When the generation of the PIAT signature information of the clipped moving image information is completed, the clipped moving image information with the PIAT signature information of the signer and the extractor is accumulated in the document management DB 51 via the document management TB 52 in the information extraction server 5 (S4013). Subsequently, the information extraction server 5 transmits the cutout moving image information with PIAT signature information of the signer and the extractor to the signature verification server 7 via the communication unit 55 (S4014). The signature verification server 7 receives the clipped video information with the PIAT signature information of the signer and the extractor via the communication unit 74 (S4015), and the signer and the extractor via the document management TB 72 in the signature verification server 7 The extracted moving image information with PIAT signature information is stored in the document management DB 71 (S4016).

Next, as shown in FIG. 16, the verifier receives the disclosure notification of the cutout moving image information from the extractor through some communication means, and starts checking and verifying the disclosed cutout moving image information.
The verifier uses the verifier terminal 8 to transmit an instruction to extract the clipped moving image information to be verified to the signature verification server 7 (S5001). FIG. 28 shows an example of the moving image information to be verified. In the present embodiment, at the time of signature verification, cut-out moving image information and original moving image information can be selected, and each moving image information can be verified (VERIFYTYPE). For example, when cut-out moving picture information is selected, cut-out moving picture information can be selected, and can be selected by pressing a reference button (GETSTREAM). Further, by pressing a reference button, it is possible to refer to and select cut-out moving image information stored in the document management DB 71 in the signature verification server 7. Finally, by pressing a signature verification button (VERIFYRUN), the signature verification processing of the selected clipped moving image information is executed. In this way, the verifier is not conscious of the existence of each PIAT signature information serving as verification information, and only has to select cut-out moving image information, and verification can be performed easily. There may also be a method in which titles that allow easy estimation / identification of the contents of cut-out moving image information are given, and a verifier is presented with a list of these titles and selected from the list. In this case, when certain moving image information in the list is selected, the selected moving image information is used to identify which moving image information is stored in the document management DB 71 in the signature verification server 7. For example, it is necessary to hold link information.

  When the signature verification processing is executed, the signature verification server 7 receives an instruction to extract the clipped moving image information to be verified (S5002). Extracted moving picture information with PIAT signature information of the signer and extractor stored in the document management DB 71 is extracted via the document management TB 72 in the signature verification server 7 (S5003), and the PIAT signature is acquired via the signature verification unit 73. The electronic signature added to the information is verified (S5004). Here, in order to access the signer's PIAT signature information and the extractor's PIAT signature information, as described above, the start code (STARTCODE) in FIG. 26 is detected, and the PIAT recorded in the area next to STARTCODE is detected. Check the signature information start code value (PIATSTARTCODEVALUE). As a result, when it is confirmed that the signer's PIAT signature information and the extractor's PIAT signature information are stored, the entity (PIAT12, PIAT22) of each PIAT signature information stored thereafter can be accessed. . The end of the signer's PIAT signature information is until just before the next start code (“0x000001B2”) appears, and the end of the extractor's PIAT signature information is the next start code, that is, in this embodiment, Until the start code (“0x000001B7”) indicating the end of SH appears.

  When the signer's PIAT signature information and the extractor's PIAT signature information can be extracted (PIAT12 in FIG. 19 and PIAT22 in FIG. 25), processing for removing the PIAT embedded code value is subsequently performed. In the case of the present embodiment, a PIAT embedded code value (“0xAA”) is stored every other byte in all of HASH12, SIGN12, HASH22, and SIGN22. For this reason, at the time of electronic signature verification, verification processing must be performed using information excluding the PIAT embedded code value. If the electronic signature verification fails (S5005: NO), the verifier is notified that some kind of modification has occurred (S5099). If the electronic signature verification is successful (S5005: YES), the PIAT signature information verification is subsequently performed on the cut-out moving image information (S5006). FIG. 29 shows the state of the verification method. When verifying the PIAT signature information for the cut-out moving picture information, it is determined whether or not the original moving picture information and the user header information (SH-U) in the SH are also subject to originality guarantee when generating the PIAT signature information of the cut-out moving picture information. Therefore, the method for verifying PIAT signature information differs.

  This verification method is determined depending on the originality guarantee target when the PIAT signature information of the original moving image information is first generated. FIG. 29 shows a case where user header information is not subject to originality assurance, and stream header information (SH-G) is subject to originality assurance. At this time, when two pieces of continuous partial information of GOP3 and GOP4 are cut out as shown in FIG. 23, it is not necessary to add SH to GOP4. Therefore, when hash information is generated without SH in GOP4. The PIAT signature information verification for the cut-out moving picture information fails. Therefore, at the time of verifying the PIAT signature information of the cut-out moving picture information, the contents of the most recent SH are assigned to the GOP to which SH is not added, and hash information including SH is generated. At this time, only SH-G is added, and other user information (E), signer's PIAT signature information, and extractor's PIAT signature information stored in SH-U are not added. However, the addition of SH-G means that it is not recorded in the entity of the cut-out moving image information, and is only given on a storage area (memory or the like) when generating hash information.

  Subsequently, the root hash information of the original moving image information is restored together with the erase root hash information list included in the extractor's PIAT signature information, and is compared and verified with the signer's PIAT signature information. In addition, FIG. 29 shows the case where the user header information is not subject to originality assurance, but the stream header information (SH-G) is subject to originality assurance. In this case, the same method is used. FIG. 30 shows the state of the processing. At this time, the signer's PIAT signature information and the extractor's PIAT signature information stored in SH-U are not added.

  If the PIAT signature information verification fails (S5007: NO), the verifier is notified that some modification has occurred (S5099). When the PIAT signature information verification is successful (S5007: YES), the PIAT signature information verification result of the clipped moving image information is transmitted to the verifier terminal 8 (S5008). When the verifier terminal 8 receives the PIAT signature verification result of the clipped moving picture information (S5009), the PIAT signature information verification result of the clipped moving picture information is displayed on the display device equipped in the verifier terminal 8 (S5010). FIG. 31 shows an example of the signature verification result shown on the display device equipped in the verifier terminal 8. By referring to the verification result, the verifier confirms that it is a part of the original moving image information, the cutout range indicating which portion of the original moving image information has been cut out, and the portion has not been modified. Therefore, it is possible to confirm the originality of the cutout moving image information (VERIFY1).

Further, by confirming the digital signatures of the signer and the extractor, it is possible to confirm who created the original moving image information and who cut out (who created the cut out moving image information) (VERIFY2).
Furthermore, it is possible to verify the original moving image information. For example, it can be selected by selecting original moving image information in VERIFYTYPE in FIG. 28 and pressing a reference button (GETSTREAM in FIG. 28). Further, by pressing a reference button, the original moving image information stored in the document management DB 71 in the signature verification server 7 can be referred to and selected. Finally, by pressing a signature verification button (VERIFYRUN in FIG. 28), signature verification processing of the selected original moving image information is executed.

  In the present embodiment, for the purpose of reducing the data amount of the PIAT signature information, the invention as described in Japanese Patent Application No. 2007-1248 is used and the binary tree method is used. However, the document management of each server is described. If the DB has enough storage capacity, the method of managing the hash information with a binary tree is not used, and the method as in Patent Document 1 is applied as it is, and the hash information is stored in GOP units included in the original moving image information. There may be a form of generating and recording.

In this way, the effect of the PIAT signature information can be realized on the moving image information. As a result, in the present invention, even if a part of the original moving image information is cut out for privacy protection or the like, the cutout portion (position) is detected and the originality verification of the cutout moving image information is avoided while preventing the cutout moving image information from being unplayable. Is possible. In addition, since the extractor becomes clear from the electronic signature added to the PIAT signature information, even if the extractor makes some modification / addition to the cut-out moving image information, the extractor can be traced. Furthermore, in the present invention, PIAT signature information, which is verification information, is stored and distributed in the SH of the cut-out moving image information while avoiding the problem that decoding analysis (reproduction) cannot be performed. It is only necessary to specify the moving image information, and it is not necessary to associate and manage the moving image information and the PIAT signature information as compared with the form in which each PIAT signature information is distributed separately from the moving image information, and an effect of reducing the disclosure cost is expected. it can.

The signature management program of the present invention can be provided by providing a program that causes a computer to execute the operations shown in the flowcharts and steps illustrated in the above embodiments. These programs can be recorded on a computer-readable medium and executed by the computer. The computer includes a host device such as a personal computer, a controller of a test device, a controller such as an MPU or CPU of a storage device, and the like. Here, as a computer-readable medium, a portable storage medium such as a CD-ROM, a flexible disk, a DVD disk, a magneto-optical disk, and an IC card, a database holding a computer program, or another computer and its It includes databases and transmission media on the line.

As mentioned above, according to embodiment of this invention, the technical idea shown with the following additional remarks is disclosed.
(Supplementary note 1) In the signature management program for partial cutout of streaming data,
Creating signature related information for the streaming data;
The sequence header of the streaming data is divided into stream header information necessary for reproducing the streaming data and user header information that can be freely stored by the user, and signature related information is stored in the user header information in such a manner that no start code appears. A signature management program that causes a computer to execute steps.
(Appendix 2) In the signature management program described in Appendix 1,
A signature management program that stores version-related signatures that do not overwrite signature-related information of each version when signature-related information is stored in user header information.
(Appendix 3) In the signature management program described in Appendix 1 or 2,
A signature management program for adding a start code value indicating that signature-related information is stored to the end of user header information.
(Supplementary note 4) In the signature management program according to any one of supplementary notes 1 to 3,
A signature management program for generating signature related information including stream header information and a sequence header having user header information when the user header information is included in the originality target.
(Supplementary Note 5) In the signature management program according to any one of Supplementary Notes 1 to 3,
A signature management program for generating signature related information including a sequence header excluding user header information when user header information is not intended for originality.
(Supplementary note 6) In the signature management program according to any one of supplementary notes 1 to 5,
A signature management program that embeds an arbitrary value every other byte and stores signature related information, and performs verification by removing the embedded value at the time of signature verification.
(Appendix 7) In the signature management program described in Appendix 6,
A signature management program in which an arbitrary value is automatically embedded even if no start code appears in the signature related information.
(Appendix 8) In the signature management program described in Appendix 6,
A signature management program that determines in advance whether or not a start code appears in signature-related information and embeds an arbitrary value as necessary.
(Supplementary note 9) In the signature management program according to any one of supplementary notes 1 to 8,
The original stream data is divided into a plurality of pieces of partial information, the hash information for each piece of partial information is generated after adding the contents of the latest sequence header to the piece of partial information to which no sequence header is added, and obtained from these pieces of hash information. A signature management program that creates an electronic signature of a signer with respect to one piece of root hash information, and creates signature related information of the signer by combining the root hash information and the electronic signature of the signer.
(Appendix 10) In the signature management program described in Appendix 9,
A signature management program for storing the signer's signature related information in the user header information of the original stream data.
(Appendix 11) In the signature management program described in Appendix 9 or Appendix 10,
When the extractor extracts cut-out stream data from the original stream data, the partial information to which the sequence header is not added is added to the partial information that is deleted by extraction, and the contents of the latest sequence header are added to the partial information. A signature management program that generates hash information, creates an extractor's digital signature for the erase root hash information, and creates extractor's signature related information by combining the erase root hash information and the extractor's electronic signature.
(Appendix 12) In the signature management program described in Appendix 11,
A signature management program that includes the contents of the sequence header of the original stream data, inherits it as the sequence header of the cut-out stream data, and stores the extractor's signature-related information in the user header information of the sequence header of the cut-out stream data.
(Appendix 13) In the signature management program described in Appendix 12,
A signature management program that creates and stores additional information for cut-out stream data.
(Appendix 14) In the signature management program described in Appendix 12,
The signer's signature related information and the extractor's signature related information are extracted from the extracted stream data, and the root hash information of the original stream data included in the signer's signature related information and the extracted stream data included in the extractor's signature related information A signature management program that restores the erase root hash information and verifies the originality.
(Supplementary Note 15) In the signature management program according to any one of Supplementary Notes 1 to 14,
The signature management program is PIAT signature information.
(Supplementary Note 16) In the signature management method for partial cutout of streaming data,
Create signature related information for streaming data,
The sequence header of the streaming data is divided into stream header information necessary for reproducing the streaming data and user header information that can be freely stored by the user, and signature related information is stored in the user header information in such a manner that no start code appears. And a signature management method.
(Supplementary Note 17) In the signature management apparatus for streaming data that is partially cut out,
Signature related information creating means for creating signature related information for streaming data;
The sequence header of the streaming data is divided into stream header information necessary for reproducing the streaming data and user header information that can be freely stored by the user, and signature related information is stored in the user header information in such a manner that no start code appears. A signature management apparatus comprising: signature related information storage means.

  1 network, 2 certification authority server, 3 signature generation server, 4 signer terminal, 5 information extraction server, 6 extractor terminal, 7 signature verification server, 8 verifier terminal, 21 public key DB, 22 certificate issuing unit, 23 Certificate verification unit, 24 communication unit, 31 document management DB, 32 document management TB, 33 signature generation unit, 34 communication unit, 51 document management DB, 52 document management TB, 53 signature generation unit, 54 signature verification unit, 55 communication Means 71 Document management DB 72 Document management TB 73 Signature verification unit 74 Communication means

Claims (5)

A signature management method for performing signature management for partial clipping of streaming data by a system including a signature generation server, an information extraction server, and a signature verification server connected via a network,
The signature generation server receiving instructions from the signer terminal and creating first signature related information for the streaming data;
The signature generation server divides the sequence header of the streaming data into stream header information necessary for reproducing the streaming data and user header information that can be freely stored by the user, and indicates that the signature related information is stored Adding a code value to the end of user header information, and sequentially storing a start code value indicating the storage location of the first signature related information and the first signature related information in the user header information;
The signature generation server stores a start code value indicating that the signature related information is stored, a start code value indicating the storage location of the first signature related information, and a user in which the first signature related information is stored Transmitting streaming data to which a sequence header including header information is added to an information extraction server;
The information extraction server receiving and storing the streaming data transmitted by the signature generation server in a first document management database;
The information extraction server receives an instruction from the extractor terminal, and based on the instruction, extracts the streaming data to which a sequence header including user header information is added from the first document management database, and sends it to the extractor terminal. Sending, and
The information extraction server receives partial data obtained by cutting out a part of the transmitted streaming data from the extractor terminal, and creates second signature related information for the partial data;
The information extraction server sets the storage position of the second signature related information after the first signature related information in the user header information of the sequence header of the extracted streaming data as the sequence header of the partial data. Generating a continuously added storage of a start code value representing and the second signature related information;
The information extraction server includes a start code value indicating that the signature related information is stored, a start code value indicating the storage location of the first signature related information, the first signature related information, and the second signature. Transmitting a partial data to which a sequence header including a start code value indicating a storage position of related information and user header information storing the second signature related information is added to a signature verification server;
The signature verification server receiving and storing the partial data transmitted by the information extraction server in a second document management database;
The signature verification server receives an instruction from the verifier terminal, and for the partial data stored in the second document management database, a start code value indicating that the signature related information is stored, the first code Based on the start code value indicating the signature related information storage location and the first signature related information and the second signature related information extracted based on the start code value indicating the storage location of the second signature related information. Verifying and transmitting a verification result to the verifier terminal;
The signature management method characterized by performing this. The first signature-related information generated by the signature generation server and the second signature-related information generated by the information extraction server are obtained by storing predetermined embedded code values in the respective signature-related information, thereby starting codes Is created as signature-related information in a form that does not appear
The verification processing is performed based on information obtained by removing the embedded code value when the signature verification server verifies the first signature related information and the second signature related information. Item 2. A signature management method according to item 1.   The signature generation server generates the first signature related information including the stream header information and the sequence header including the user header information when the user header information is included in the originality target. The signature management method according to claim 1 or 2.   The signature generation server generates the first signature related information including a sequence header excluding the user header information when the user header information is not targeted for originality. Item 3. The signature management method according to Item 2. A signature management system that performs signature management for partial cutout of streaming data,
An instruction is received from the signer terminal, the first signature related information for the streaming data is created, the sequence header of the streaming data, the stream header information necessary for reproducing the streaming data, and the user header information that can be freely stored by the user, And a start code value indicating that the signature related information is stored is added to the end of the user header information, and a start code value indicating the first signature related information storage location in the user header information; The first signature related information is stored in order, a start code value indicating that the signature related information is stored, a start code value indicating the storage location of the first signature related information, and the first signature related Streaming data to which a sequence header including user header information in which information is stored is added And signature generation server to send,
The streaming data transmitted by the signature generation server is received and accumulated in the first document management database, the instruction of the extractor terminal is received, and based on the instruction, the user header information is obtained from the first document management database. The streaming data to which the sequence header is added is extracted, transmitted to the extractor terminal, the partial data obtained by cutting out a part of the transmitted streaming data is received from the extractor terminal, and second data for the partial data is received. Storage location of the second signature related information after creating the signature related information and after the first signature related information in the user header information of the sequence header of the extracted streaming data as the sequence header of the partial data A start code value representing the second signature related information and the second signature related information , A start code value indicating that the signature related information is stored, a start code value indicating the storage location of the first signature related information, the first signature related information, and the second signature related information An information extraction server that transmits partial data to which a sequence header including user header information in which a start code value indicating the storage location of the second signature-related information is stored and a second header-related information is stored;
The partial data transmitted by the information extraction server is received and stored in the second document management database, an instruction is received from the verifier terminal, and the partial data stored in the second document management database Extracted based on a start code value indicating that the information is stored, a start code value indicating the storage position of the first signature related information, and a start code value indicating the storage position of the second signature related information A signature verification server that performs verification based on the first signature related information and the second signature related information, and transmits a verification result to the verifier terminal;
A signature management system comprising:

Images