JPH1198487A - Image coder and image decoder - Google Patents

Abstract

PROBLEM TO BE SOLVED: To select a key encryption and decoding depending on an image by dividing a quantized image into pluralities of blocks for each prescribed frequency region, using a reference key of the encryption key to generate pluralities of hierarchical encryption keys, using a quantization means to generate divided blocks and encrypting the blocks through the use of an encryption key of a prescribed hierarchical level. SOLUTION: An encryption management means 5 generates a reference key based on a random number, a key hierarchical pressing means 6 converts the reference key to generate encryption keys to be set to each of encryption processing means 4(1-n). In a key series, a low-order key is easily generated from a high-order key and estimate of the high-order key from the low-order key is quantitatively difficult. An orthogonal transform means 2 transforms the key into a spatial frequency component, a quantization means 3 quantizes the component, divided into a predetermined spatial frequency area block, encryption is conducted by an encryption processing means 4 corresponding to respective blocks, and image information is sent to an image decoder via an image transmission means 8 and a network 9.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to an image encoding apparatus for encrypting and providing an image according to a charge to a contracted user and an image decoding apparatus for decoding an encrypted image. is there.

[0002]

2. Description of the Related Art FIG. 27 shows a conventional image transmission system including an image encoding device and an image decoding device disclosed in Japanese Patent Application Laid-Open No. 6-54325, corresponding to the decryption capability of the image decoding device. FIG. 2 is a configuration diagram showing a configuration capable of supplying images of different qualities. In the figure, reference numeral 200 denotes an image coding apparatus, and as its constituent elements, 201 is an orthogonal transform means for converting an input image into a spatial frequency component, 202 is a quantizer of the orthogonally transformed image information, and Numeral 203 denotes an encrypting means for encrypting the respective frequency components, and 204 denotes a multiplexing means for combining the divided image information so that the divided image information can be transmitted on a network. On the other hand, reference numeral 300 denotes an image decoding apparatus, and as its constituent elements, 301 is separating means for dividing the multiplexed image information for each predetermined frequency component, and 302 decodes each frequency component. 303 is an inverse quantization means for integrating the decoded information of each frequency component into one and inversely quantizing them, and 304 is an inverse orthogonal for finally extracting the original image through these elements. Represents conversion means.

Next, the operation will be described. First, the image encoding device 200 will be described. When the user inputs an image to be encrypted and transmitted to the image encoding device 200, the image is divided into, for example, an image area of 8 × 8 pixels, and is first converted into an 8 × 8 spatial frequency component matrix by the orthogonal transformation means 201. Is done. After the output matrix is quantized by the quantization means 202,
Each encryption means 20 is divided into predetermined spatial frequency domain blocks, and
3 (1 to n). Here, the block of the lowest frequency component is sent to the multiplexing means 204 without being encrypted. Each spatial frequency domain block input to the encryption means 203 is encrypted by a predetermined method and sent to the multiplexing means 204. The multiplexing means 204 serializes the image information divided into n + 1 blocks,
Output on network. These operations are performed for all 8
The transmission of one screen is completed by performing the process on the image area of × 8 pixels.

Next, the operation of the image decoding apparatus 300 will be described. The encrypted image information sent from the network is divided by the separating means 301 into predetermined spatial frequency domain blocks. Each spatial frequency domain block is input to the decoding means 302 (1 to n) in order from the high frequency component block. Here, the block of the lowest frequency component is sent to the inverse quantization means 303 without passing through the decoding means 302. Each spatial frequency domain block input to the decoding means 302 is decoded by a predetermined method, and the next inverse quantization means 303
Sent to The inverse quantization means 303 inversely quantizes the spatial frequency domain blocks divided into n + 1 blocks, collectively converts them into, for example, an 8 × 8 spatial frequency component matrix, and outputs the matrix to the inverse orthogonal transform means 304 I do.
The inverse orthogonal transform unit 304 extracts, for example, an 8 × 8 pixel image from the input spatial frequency component matrix. By repeating these operations, the reception of one screen is completed.

When image information is viewed in the spatial frequency domain, low frequency components represent the outline and contrast of the image, while high frequency components represent fine parts. Further, even if the high-frequency component is not faithfully restored, it often does not lead to extreme image degradation. The prior art discloses a method for reproducing high-quality images by encrypting high-frequency components and activating / deactivating the decryption function from such a background.

[0006]

A conventional image transmission system capable of supplying images of different qualities in accordance with the decryption capability of an image decryption device is configured as described above, The keys for encrypting and decrypting the area blocks are independent of each other. Therefore, for users who demand high quality, it is necessary to operate more decryption means, and it is necessary to deliver more keys, so both image providers and users manage many keys. There was a problem that had to be done.

Further, since the method of dividing the spatial frequency domain is fixed, the class hierarchy of image quality is fixed, and there is a problem that images having different class hierarchies cannot be handled.

In addition, since encryption and decryption are performed with the same key regardless of the image, one image encoding device requires
There is a problem that one corresponding image decoding device is required.

SUMMARY OF THE INVENTION The present invention has been made to solve the above-mentioned problems, and has one key that must be delivered. Further, the present invention enables transmission and reception of images having different class hierarchies. It is an object of the present invention to provide an image encoding device and an image decoding device capable of selecting a key used for encryption and decryption according to an image.

[0010]

According to a first aspect of the present invention, there is provided an orthogonal transforming means for transforming an image into spatial frequency components, and quantizing the transformed spatial frequency components to divide the spatial frequency components into a plurality of blocks for each predetermined frequency region. Quantizing means, using a reference key that is a reference of an encryption key used for encryption, key hierarchization means for generating a plurality of hierarchized encryption keys, and a block divided by the quantization means, Image encryption means for encrypting using a predetermined hierarchy level encryption key generated by the key hierarchy means.

A second invention provides a plurality of encryption means for respectively encrypting a plurality of blocks divided by the quantization means in parallel, and a plurality of blocks encrypted by the plurality of encryption means. And multiplexing means for combining them.

According to a third aspect of the present invention, there is provided a key hierarchizing means for generating the plurality of hierarchized encryption keys by a one-way function capable of obtaining a lower key from an upper key.

According to a fourth aspect of the present invention, there is provided a key layering means for generating the plurality of hierarchized encryption keys by encryption using a public key in a public key encryption algorithm.

According to a fifth aspect of the present invention, there is provided a quantizing device for dividing the quantized spatial frequency component into a plurality of blocks based on a preset frequency domain division designation.

A sixth invention is provided with encryption information adding means for adding information on each block divided by the quantization means to the block encrypted by the image encryption means.

According to a seventh aspect of the present invention, there is provided an encryption information adding means for adding a hierarchical level of an encryption key used for encrypting a block in an area having the highest frequency.

According to an eighth aspect of the present invention, a new key generating means for generating a new reference key by generating a random number, and a new reference key generated by the new key generating means are stored together with a key identifier for identifying the reference key. Key storage means, wherein the key hierarchy means uses either the new reference key generated by the new key generation means or the reference key stored in the key storage means, A plurality of encryption keys are generated.

According to a ninth aspect of the present invention, there is provided a key request receiving means for receiving a key request of a predetermined hierarchical level transmitted through a network, and a reference key serving as a reference of the requested encryption key of the hierarchical level. Key obtaining means for generating by the key generation means or extracting from the key storage means and generating the encryption key at the requested hierarchical level by the key hierarchy means; and Key transmitting means for transmitting to the transmission source.

According to a tenth aspect of the present invention, there is provided a separating means for quantizing an image converted into a spatial frequency component, dividing the transmitted image information into a plurality of blocks for each predetermined frequency region, and using the separating means for decoding. A decryption key hierarchical means for generating a plurality of hierarchically structured decryption keys using a reference key which is a reference of the decryption key to be decrypted, and a block divided by the separating means, generated by the decryption key hierarchical means. Image decoding means for decoding by using a decoding key of a predetermined hierarchical level.

According to an eleventh aspect of the present invention, a plurality of decoding means for decoding the plurality of blocks divided by the separation means in parallel, respectively, and a plurality of blocks decoded by the plurality of decoding means are inversely quantized. And an inverse orthogonal transforming means for transforming the spatial frequency component converted by the inverse quantizing means into an original image.

According to a twelfth aspect of the present invention, there is provided a decryption key hierarchical means for generating the hierarchized decryption keys by a one-way function capable of obtaining a lower key from a higher key. .

A thirteenth invention is provided with a decryption key hierarchical means for generating the plurality of hierarchized decryption keys by encryption using a public key in a public key encryption algorithm.

According to a fourteenth aspect of the present invention, there is provided a separating means for dividing into a plurality of blocks based on a preset frequency domain division designation.

A fifteenth invention comprises key input means for obtaining a new reference key from the outside, and key storage means for storing the reference key together with a reference key identifier. Using the reference key stored in the key storage unit stored in the key storage unit or the new reference key input by the unit, generating the hierarchized plurality of decryption keys. is there.

According to a sixteenth aspect, a key storage means for storing an identifier of a key creator in addition to a reference key identifier is provided.

[0026]

BEST MODE FOR CARRYING OUT THE INVENTION

Embodiment 1 FIG. FIG. 1 is a diagram illustrating a configuration of an image encoding device according to Embodiment 1. In the figure, 1 is an image encryption means, 2 is an orthogonal transform means for converting an image into a spatial frequency component, and 3 is a quantizer which quantizes the spatial frequency component converted by the orthogonal transform means 2 and divides it into predetermined frequency regions. Means 4,
Is an encryption means for encrypting the spatial frequency components divided for each frequency domain by the quantization means 3, and 5 sets an encryption key in the encryption means 4 and generates a reference key serving as a reference for this encryption key. The encryption management means 6 is a key layering means for processing and generating a key hierarchized from the reference key set by the encryption management means 5 by a one-way function, and the numeral 7 is encrypted by the encryption means 4. A multiplexing unit for combining the divided spatial frequency components into one, an image transmitting unit 8 for transmitting the encrypted divided spatial frequency components, and a network 9.

FIG. 2 is a diagram showing the configuration of the image decoding apparatus according to the first embodiment. In the figure, reference numeral 9 denotes a network to which the spatial frequency components encrypted by the image encoding device are transmitted, 10 denotes an image decoding means, and 11 divides the multiplexed and transmitted spatial frequency components for each frequency domain. 12 is a decoding means for decoding the spatial frequency components divided by the separation means 11, and 13 is a decoding means 12
A decryption management means for setting a decryption key in the decryption key and storing a reference key serving as a reference of a key to be used for the decryption; Key hierarchy means for processing and generating with a direction function,
Reference numeral 15 denotes an inverse quantization unit that combines the divided spatial frequency components decoded by the decoding unit 12 into one and inversely quantizes them, and 16 converts the spatial frequency components inversely quantized by the inverse quantization unit 15 into an image. Inverse orthogonal transform means 17 is an image display means for displaying an image.

The operation of this embodiment will be described below. First, the processing of the image encoding device will be described. When an image is encoded by the image encoding apparatus of FIG. 1, the encryption management unit 5 sets an encryption key to be used for encryption for each encryption unit 4 as preprocessing. At this time, an encryption key to be set in each encryption unit 4 is generated using the key hierarchy unit 6. More specifically, the encryption management unit 5 first generates a reference key as a reference based on a random number, and converts the generated reference key by the key layering unit 6 to set the encryption key to be set in each encryption unit 4. Generate

Here, the hierarchization of a key is to generate a key sequence satisfying the following two properties from a reference key. (1) It is easy to generate a lower key from a higher key, but (2) it is difficult to estimate a higher key from a lower key in terms of computational complexity.

The encryption keys hierarchized in this manner are set in the encryption means 4 in order from the highest key.

After the encryption management unit 5 sets the hierarchized encryption key in each encryption unit 4, the image is processed as in the prior art. That is, after being transformed into spatial frequency components by the orthogonal transform means 2 and quantized by the quantizing means 3, they are divided into predetermined spatial frequency domain blocks and encrypted by the encrypting means 4 corresponding to each block. The image information is sent to the image decoding device via the image transmitting means 8 and the network 9.

The pre-processing of image encoding uses a method of generating an encryption key to be set in each encryption means 4 by hierarchizing a reference key. With this, the image encoding device
Only one key can be managed, and the key used for encryption can be destroyed after use.

FIG. 3 is a flowchart showing the flow of the key hierarchy processing of the key hierarchy means 6 in the image encoding apparatus of FIG. The operation of the key hierarchy means 6 will be described with reference to the drawings. The key hierarchy means 6 is activated by the encryption management means 5. At this time, the hierarchy level Level of the reference key and the required key is passed as arguments. In step S1, a temporary variable Key is initialized with a reference key, and a temporary variable n is initialized with a value 1 representing the highest level. Step S2
Step S4 forms a loop. Step S2
Evaluates the conditions for exiting the loop. When “n = the required key hierarchy level Level”, the variable K
Since ey stores a hierarchized key corresponding to the level, the contents of Key are returned to the encryption management means 5. If "n = hierarchical level of required key Level
If not "1", the key is hierarchized in step S3. Thereafter, in step S4, n is incremented by one. This loop is repeated until the evaluation in step S2 becomes true.

In step S3, the hierarchization of the key is realized by processing the key with a one-way function. A one-way function refers to a function for which it is difficult to find an inverse function. In this way, it is easy to generate a lower key from a higher key by simply passing a function, whereas to generate a higher key from a lower key, it is one-way. It is difficult to find the inverse of the function,
A key sequence that satisfies the above-described definition of the hierarchical key can be generated.

In the present embodiment, a higher-order key and
Since it is desirable that the lower keys have a one-to-one relationship as much as possible, a message reduction algorithm such as SHA or MD5 is used as a one-way function.

Next, the operation of the image decoding apparatus will be described. When decoding an image, the decoding management unit 13 sets a decoding key to be used for decoding for each decoding unit 12 as preprocessing. At this time, the decryption management means 13
Generates a decryption key to be set in each decryption unit 12 using the key hierarchy unit 14. However, since the reference key for generating the hierarchized decryption key is passed from the image sender according to billing or the like, the reference key is not always the highest key, and is generally not the highest key. This is obtained by hierarchizing the used reference key in several stages. Therefore, it is necessary for the decryption means higher than the layering level of the passed key to generate a higher-level key from the reference key, and it is difficult to generate such a key according to the definition of the hierarchical key. Therefore, no key can be set for such decryption means.

In order from the highest level decoding means that can be set,
A decryption key obtained by hierarchizing the reference key is set, and then the decryption process is started. The decoding process is the same as in the prior art. That is, sent through the network 9,
After the encrypted image information is divided into predetermined spatial frequency domain blocks by the separating unit 11, the image information is decoded by the decoding unit 12 corresponding to each block, and is dequantized by the dequantizing unit 15, After being converted into a frequency domain matrix and returned to a normal image by the inverse orthogonal transform means 16, it is finally displayed by the image display means 17. However, the decryption means for which the decryption key has not been set outputs 0 for any input. Thereby, the stop of the decoding function as described in the prior art is realized.

FIG. 4 is a flowchart showing the flow of the key hierarchy processing of the key hierarchy means 14 in the image decoding apparatus of FIG. The operation of the key hierarchy means 14 will be described with reference to the drawings. The key layering means 14
Invoked by At this time, from the decryption management means 13, the reference key, the reference level indicating at which hierarchical level of the key sequence the reference key is located, and the hierarchical level L of the required key
level is passed as an argument. Both the reference key and the reference level have been transferred in advance from the image sender to the image receiver off-line.
3 is stored. In step S5, the temporary variable Ke
Initialize y with the reference key and temporary variable n with the reference level.
If "reference level n> hierarchical level L of required key"
If an “evel”, that is, a key higher than the reference level is requested, the evaluation in step S6 becomes true, and as a result, an error is returned to the decryption management unit 13. Steps S7 to S9 form a loop. A step S7 evaluates a condition for exiting the loop. When “reference level n = required key hierarchical level Level” is reached, a hierarchical key corresponding to the level is stored in the variable Key. To return. If “reference level n = required key hierarchy level Level” is not satisfied, the key is hierarchized in step S8. Thereafter, in step S9, n is incremented by one. This loop is repeated until the evaluation of S7 becomes true.

As described above, in the present embodiment, a decryption key generated by hierarchizing a reference key serving as a reference is set in each decryption means 12 to perform decryption. Only one key can be managed, and the key used for decryption can be discarded after use.

Embodiment 2 FIG. 5 is a diagram illustrating a configuration of an image encoding device according to the second embodiment. FIG. 6 is a diagram illustrating a configuration and a processing flow of the image decoding apparatus according to the second embodiment. Each of the image encoding device and the image decoding device described in each of FIGS. 5 and 6 has a configuration in which image information divided into spatial frequency components is stored in a buffer. This allows
In the first embodiment, only one encryption unit in the image encoding device and one decoding unit in the image decoding device are required, and a multiplexing unit and an image in the image encoding device are required. It is possible to omit the separating means in the decoding device.

FIG. 7 is a diagram showing how image information in the image encoding device is being converted. With reference to FIG. 5 and FIG. 7, the flow of processing of the image encoding device according to the present embodiment will be described. In FIG. 7, the original image is decomposed in units of 8 × 8 pixels, for example, as in the first embodiment (a), and each is subjected to orthogonal transformation and quantization to obtain a spatial frequency domain matrix of, for example, 8 × 8. (B). Thereafter, this matrix is scanned zigzag from the low frequency component as shown in (c) and stored in the buffer 31 of FIG. Next, encryption management means 2
8 generates an encryption key for encryption using the key layering means 29 in steps S10 and S11 in FIG. 5, and requests the encryption means 32 to perform encryption in step S12. The parameter passed at this time is key information K
ey and the number of blocks to be encrypted. Upon receiving the request, the encrypting means 32 extracts data from the buffer 31 by the designated number of blocks, encrypts the data with the designated key, and stores it in the buffer 33 for storing the encrypted image information. By repeating this operation and storing all the data in the buffer 31 in the buffer 33, the encryption of 8 × 8 pixels in the original image area is completed. The data obtained by encrypting the original image by repeating these steps over the entire original image area is stored in the buffer 33. However, blocks belonging to the lowest frequency part of each spatial frequency domain matrix are output to the buffer 33 without being encrypted. Finally, the contents of the buffer 33 are sent to the network. Therefore, the format of the data in the present embodiment is as shown in FIG.
(D).

In the image decoding apparatus of FIG. 6, instead of removing the separating means 11 shown in the first embodiment, the decoding managing means 34 designates the number of blocks to be decoded to the decoding means 37. Effect has been obtained. The flow of the processing is almost the same as that in the image encoding device of the present embodiment. However, as described in the first embodiment, when a key for decryption cannot be set, the decryption unit 37 outputs 0 regardless of the input block.

As described above, the method of temporarily storing the image information in the buffer and sequentially encrypting and decrypting the image information allows the image information to be freely changed only by changing the settings of the encryption management means / decryption management means. The effect is that the quality hierarchy can be set.

Embodiment 3 FIG. 8 and 9 are diagrams illustrating configurations of an image encoding device and an image decoding device according to the third embodiment, respectively. FIG. 8 shows an image encoding apparatus in which an encryption information adding unit 45 is added to the image encoding apparatus according to the second embodiment. FIG. 9 shows an image decoding apparatus in which the encryption information extracting means 52 is added to the image decoding apparatus according to the second embodiment. This makes it possible to add a header describing the method of dividing the spatial frequency domain block at the time of encryption to the image information flowing through the network 9, and as a result, the image sender can freely change the quality of each image. A hierarchy can be set. FIG.
Represents an example of a header added to the image information. The header includes an area division number N when the image is divided into predetermined areas, and an unencrypted frequency area block number BN. , The number BN-1 of frequency-domain blocks encrypted with the hierarchical key of the key hierarchical level Level N-1,
The number Bi of frequency-domain blocks encrypted with the hierarchical key of the hierarchical level of the key, and the hierarchical level of the key Level
It describes a method of dividing spatial frequency domain blocks such as the number of frequency domain blocks B1 encrypted with one hierarchical key, and encrypted image information.

Embodiment 4 FIG. 11 is a diagram illustrating another example of the header added to the image information in the image encoding device according to the fourth embodiment. In the encryption information adding means 45 according to the third embodiment, the highest quality Le which is the level of layering of the key for encrypting the highest spatial frequency domain block.
By including velLmin in the content of the header, a user having a key of a certain level or higher can distribute an image so that the image can be completely decrypted.

Embodiment 5 FIG. The key layering means 43 of the image encoding apparatus shown in FIG. 8 uses a public key cryptosystem algorithm for one-way function processing, and encrypts the public key with the public key of the image sender. , It is possible to generate a higher-order key.

FIG. 12 is a flowchart showing the flow of processing by the hierarchical key generation means of the image coding apparatus according to the fifth embodiment. Fifth Embodiment Using the flowchart of FIG.
The processing flow of the key layering means of the image encoding device will be described. The key hierarchy means 43 is activated by the encryption management means 44. At this time, the hierarchy level Level of the reference key and the required key is passed as arguments. However, in the present embodiment, the required key hierarchy level can be a level higher than the reference key, that is, a value of 0 or less.

In step S16, the temporary variable Key is initialized with the reference key, and the temporary variable n is initialized with the value 1 representing the highest level. In step S17, when "n = required key hierarchical level Level" is reached, the value contained in the key at that time is the key data corresponding to that level, so that the value is returned and the processing is terminated. If “n = hierarchical level of required key is not Level”, step S
Move to 18. In step S18, it is determined whether or not the desired key hierarchy level Level is higher than 1 which is the highest level. If “hierarchy level of required key Level <1” is not satisfied (Level
.Gtoreq.1), in step S19, the image is encrypted with the public key of the image sender to form a one-level hierarchy.
At step 20, n is incremented by one, and re-evaluated at step S17.

On the other hand, “the required key hierarchy level Le
If vel <1, in step S21, the data is encrypted with the secret key of the image sender, thereby forming a one-stage hierarchy in the reverse direction. This is because the key generated in this manner is encrypted with the public key of the image sender, which is a one-way function in the present embodiment, so that the encryption with the private key is decrypted and the original key is decrypted. Because it can be obtained. Next, n is decremented by one in step S22 and re-evaluated in step S17.

Embodiment 6 FIG. FIGS. 13 and 14 are diagrams illustrating the configurations of the image encoding device and the image decoding device according to the sixth embodiment, respectively. FIG. 13 shows a configuration of the image encoding device 39 shown in FIG.
2. An image coding apparatus to which a key storage unit 63 and a key output unit 64 are added. FIG. 14 shows an image decoding apparatus in which a key management unit 73, a key storage unit 74, and a key input unit 75 are added to the image decoding apparatus shown in FIG. FIG. 15 is a diagram showing a flow of a process when an existing key is reused in the image encoding device, and FIG. 16 is a diagram showing a flow of a process when a new key is generated. FIG. 17 is a diagram showing a state in which a key is stored in the key storage unit 63 of the image encoding device. FIG. 18 is a diagram showing a key output format in the key output unit 64 in the image encoding device. Also,
FIG. 19 is a diagram showing a manner in which a header added to image information transmitted through the network 9 is acquired, and FIG. FIG. 21 shows a key storage unit 74 of the image decoding apparatus.
FIG. 4 is a diagram showing a key storage format in the embodiment.

Next, the operation of encrypting an image with the image encoding device of FIG. 13 will be described. When encrypting an image, the encryption management unit 56 determines whether to encrypt using an existing key or to generate and encrypt a new key according to the setting of the image sender. Existing key is key storage means 6
3, as shown in FIG. 17, a uniquely assigned identifier is stored as a key. FIG. 15 shows a flow of a process when encrypting an image using an existing key. The key management unit 61 that has received the key request from the encryption management unit 56 receives a key identifier indicating the key as an argument (step S23). The key management unit 61 requests the key storage unit 63 to return the corresponding key using the key identifier as a key (step S24). Key storage means 63
Searches for key data held by itself using the given key identifier as a key (step S25). If the corresponding key exists in the key storage unit 63, the key storage unit 63 returns the corresponding key together with the key identifier (step S26). Key management means 6 receiving these
1 passes them to the encryption management means 56 (step S
27).

FIG. 16 shows a process for generating a new key and encrypting an image. Upon receiving the request to generate a new key (step S28), the key management unit 61 issues a key generation request to the new key generation unit 62 (step S2).
9). The new key generation means 62 generates a new key by internally generating a random number (step S30), and returns the result to the key management means 61 (step S31). Next, the key management unit 61 requests the key storage unit 63 to store the generated key (step S32). The key storage unit 63 assigns an unused identifier to the key (step S33), stores a new key (step S34), and returns the identifier to the key management unit 61 (step S35). Key management means 6 receiving this
1 passes the key identifier and the key to the encryption management means 56 (step S36).

When transmitting an image, the encryption management means 56
Adds a key identifier to the header information shown in FIG. Therefore, the header information added to the transmitted image is as shown in FIG.

The key output means 64 is means for outputting the key to a portable medium when it is necessary to hand the key to the image receiver. If it becomes necessary to output the key, the key output means 64 obtains the necessary key through the key management means 61, hierarchizes it by the key hierarchization means 57, and then stores the key in a portable medium. Output to FIG.
Reference numeral 8 denotes the content of the output key information.

Next, the operation of decoding an image by the image decoding device 65 of FIG. 14 will be described. The image decoding device 65, which has received the image information from the network 9 through the image receiving means 67, obtains information such as a key identifier from the header information shown in FIG. The information is passed to the management means 71. The decryption management means 71 obtains a key from the key management means 73 according to the processing shown in FIG. The decryption management means 71
An existing key acquisition request is made to the key management unit 73 using the key identifier as an argument (step S37). Further, the key management means 73
Requests the key storage unit 74 to obtain an existing key using the key identifier as an argument (step S38). In the key storage means 74,
The key is stored in a format as shown in FIG. 21, and a key search is performed using the key identifier as a key (step S39). The key distinguished by the key identifier is a key storage unit 74
If the key exists, the corresponding key and the hierarchical level to which the key is applied are returned to the key management unit 73 (step S4).
0). The key management means 73 which has received this returns the key and the hierarchical level to the decryption management means 71 (step S
41).

The key input means 75 is used to obtain a new key from the outside. The key input means 75 reads a key recorded on a portable recording medium as shown in FIG. 17 and stores it in the key storage means 74.

Embodiment 7 FIG. FIG. 22 is a diagram illustrating a format of a key storage table in a key storage unit of the image decoding apparatus according to the seventh embodiment. In the seventh embodiment, a key generated by a different image sender is stored in a key storage unit 74 of an image decoding device 65 shown in FIG. 65 indicates that the management can be performed.

Embodiment 8 FIG. FIGS. 23 and 24 are diagrams illustrating the configurations of the image encoding device and the image decoding device according to the eighth embodiment. FIG. 23 is a diagram showing an image encoding device in which a key obtaining unit 85, a key request receiving unit 86, a key transmitting unit 87, and an authentication unit 88 are added to the configuration of the image encoding device 54 shown in FIG. FIG. 24 shows an image decoding apparatus 7 in which a key request transmitting means 100, a key receiving means 101 and an authentication means 102 are added to the configuration of the image decoding apparatus 65 shown in FIG.
FIG. FIG. 25 is a diagram showing the data format of the key request message in the present embodiment, and FIG. 26 is a diagram showing the data format of the key distribution message in the present embodiment. By using this embodiment,
The key can be delivered online from the image encoding device to the image decoding device.

Referring to FIG. 24, image decoding apparatus 9
The flow from receiving an image to obtaining a required key will be described. The decryption management means 96 attempts to obtain a key required for decryption from the key management means 98. The key management unit 98 attempts to obtain a corresponding key from the key storage unit 99 as in the sixth embodiment. If the corresponding key is not stored in the key storage unit 99, a message notifying the user is output and the user is prompted to select whether or not to obtain the key from the image encoding device 76 that sent the image. . If a key is obtained, the hierarchy level must also be entered by the user. When obtaining the key, the key management unit 98 requests the image encoding device 76 to distribute the key via the key request transmission unit 100. The transmitted message takes a data format shown in FIG. In this way, by applying a digital signature to the message, it is possible to prevent the transmitted message from being falsified and from impersonating a third party. In response to the transmitted key request message, a key request message represented in the format of FIG. 25A is delivered to the image decryption device 90, and after this is decrypted by the key receiving means 101, the key management message is transmitted. Sent to the means 98. Key management means 98
Uses the authentication means 102 to authenticate whether the message is indeed from the desired image encoding device 76. If the authentication is correct, the key management unit 98 stores the obtained key in the key storage unit 99, and stores the obtained key in the decryption management unit 96.
Returns the obtained key and its hierarchical level.

Next, the flow of processing after receiving the key request message in the image encoding device 76 will be described.
The key request message received by the key request receiving means 86 is delivered to the key obtaining means 85. Key acquisition means 85
Confirms the digital signature attached to the key request message using the authentication means 88, and confirms the message sender. After confirming the message sender, the key acquisition unit 85 requests a key corresponding to the key management unit 82 based on the key identifier described in the message. Next, the obtained key is hierarchized to the hierarchical level described in the key request message using the key hierarchization means 79, and the key obtained thereby is sent to the key transmission means 87. The key transmitting means 87
The key is digitally signed, and the entire message is encrypted with the public key of the sender of the key request message and transmitted. The key transmission message transmitted from the image encoding device 76 has the data format shown in FIG.

As described above, by adding the function of encrypting and transmitting a key and the function of applying a digital signature to each message, online key distribution becomes possible.

In the key request message, FIG.
By replacing the public key certificate with an issuer and a serial number that uniquely indicate the certificate as in (b), the size of the message to be transmitted can be reduced.

In the key request message, FIG.
By encrypting the whole with the other party's public key as in (c), it is possible to prevent information about what key is being requested from a third party from leaking.

Further, in the key transmission message, FIG.
As shown in FIG. 6B, by applying a digital signature including a key identifier and a hierarchical level, it is possible to prevent a sender of a key from transmitting a false key.

[0065]

Since the present invention is configured as described above, it has the following effects.

In the first invention, an encryption key used for encryption is generated by hierarchizing a reference key which is a reference of the encryption key, and is encrypted using an encryption key of a predetermined hierarchy level. The image encoding device can be managed using only one key.

In the second invention, since a plurality of frequency blocks divided by the quantization means are respectively encrypted by the plurality of encryption means in parallel, each frequency block can be encrypted at the same time, and encryption in a short time can be performed. Processing becomes possible.

According to the third aspect of the present invention, by processing the hierarchization of keys by a one-way function, it is possible to easily obtain a lower key from a higher key, and it is possible to manage with only one key. Become.

According to the fourth aspect of the present invention, by using the public key in the public key encryption algorithm, it is possible to generate a higher-order key from the highest-order key.

In the fifth aspect, since the quantized spatial frequency component is divided into a plurality of blocks based on a preset frequency domain division designation, various image quality hierarchies can be set, and different hierarchies can be set. Can be distributed.

In the sixth invention, by adding information about the encrypted frequency block to the frequency block,
The image sender can freely set a different quality hierarchy for each image.

According to the seventh aspect of the present invention, a user having a key of a certain level or more can be added to the encrypted frequency block by adding the level of layering of the key for encrypting the highest frequency domain block to the encrypted frequency block. It is possible to distribute an image so that the image can be completely decoded.

According to the eighth aspect, an encryption key can be generated using either a new reference key generated by the new key generation means or a reference key stored in the key storage means.

According to the ninth aspect, the encryption key corresponding to the key request transmitted through the network can be distributed online through the network.

In the tenth aspect, a decryption key used for decryption is generated by hierarchizing a reference key which is a reference of the decryption key, and decryption is performed using a decryption key of a predetermined hierarchical level. The decryption device can manage with only one key.

In the eleventh invention, the plurality of frequency blocks divided by the separating means are each decoded in parallel by the plurality of decoding means, so that each frequency block can be decoded simultaneously, and the decoding process can be performed in a short time. Becomes possible.

In the twelfth aspect, by processing the hierarchization of keys by a one-way function, it is possible to easily obtain a lower key from a higher key, and it is possible to manage with only one key. Become.

In the thirteenth aspect, encryption using a public key in a public key encryption algorithm makes it possible to generate a higher-order key from the highest-order key.

According to the fourteenth aspect, since the data is divided into a plurality of blocks and decoded based on a preset frequency domain division designation, the decoding process can be performed in a short time.

In the fifteenth aspect, a decryption key can be generated using either a new reference key obtained from the outside or a reference key stored in the key storage means.

In the sixteenth aspect, by adding the key generator identifier to the reference key identifier, it becomes possible to manage keys generated by different image senders in one image decoding apparatus.

[Brief description of the drawings]

FIG. 1 is a configuration diagram of an image encoding device according to a first embodiment.

FIG. 2 is a configuration diagram of an image decoding device according to the first embodiment.

FIG. 3 is a flowchart illustrating a flow of processing of a key hierarchy unit in the image encoding device according to the first embodiment;

FIG. 4 is a flowchart showing a flow of processing of a key hierarchy unit in the image decoding device according to the first embodiment.

FIG. 5 is a diagram illustrating a configuration and a processing flow of an image encoding device according to a second embodiment.

FIG. 6 is a diagram illustrating a configuration and a processing flow of an image decoding device according to a second embodiment.

FIG. 7 is a diagram illustrating a state in which image information is being converted in an image encoding device according to a second embodiment.

FIG. 8 is a configuration diagram of an image encoding device according to a third embodiment.

FIG. 9 is a configuration diagram of an image decoding device according to a third embodiment.

FIG. 10 is a diagram showing a header portion of encrypted image information according to the third embodiment.

FIG. 11 is a diagram showing another example of a header portion of image information.

FIG. 12 is a flowchart showing a flow of processing of a key hierarchy unit in an image encoding device according to a fifth embodiment.

FIG. 13 is a configuration diagram of an image encoding device according to a sixth embodiment.

FIG. 14 is a configuration diagram of an image decoding device according to a sixth embodiment.

FIG. 15 illustrates an image encoding apparatus according to a sixth embodiment.
FIG. 11 is a diagram showing a flow of processing when an existing key is reused.

FIG. 16 shows an image encoding apparatus according to a sixth embodiment.
FIG. 9 is a diagram showing a flow of processing when a new key is generated.

FIG. 17 is a diagram illustrating a format of a key storage table in a key storage unit of the image encoding device according to the sixth embodiment.

FIG. 18 is a diagram illustrating an output format of a key in a key output unit of the image encoding device according to the sixth embodiment.

FIG. 19 is a diagram illustrating a header portion added to encrypted image information of the image encoding device according to the sixth embodiment.

FIG. 20 shows an image decoding apparatus according to a sixth embodiment.
FIG. 9 is a diagram illustrating a format for searching for an existing key.

FIG. 21 is a diagram illustrating a format of a key storage table in a key storage unit of the image decoding apparatus according to the sixth embodiment.

FIG. 22 is a diagram illustrating a format of a key storage table in a key storage unit of the image decoding apparatus according to the seventh embodiment.

FIG. 23 is a configuration diagram of an image encoding device according to an eighth embodiment.

FIG. 24 is a configuration diagram of an image decoding apparatus according to an eighth embodiment.

FIG. 25 shows a data format of a key request message according to the eighth embodiment.

FIG. 26 shows a data format of a key transmission message according to the eighth embodiment.

FIG. 27 is a configuration diagram of a conventional image transmission system.

[Explanation of symbols]

DESCRIPTION OF SYMBOLS 1 Image encryption means, 2 orthogonal transformation means, 3 quantization means, 4 encryption means, 5 encryption management means, 6 key hierarchy means, 7 multiplexing means, 8 image transmission means, 9 network, 10 image decoding Means, 11 separation means, 1
2 decryption means, 13 decryption management means, 14 key hierarchy means, 15 inverse quantization means, 16 inverse orthogonal transform means,
17 Image display means.

Claims (16)

[Claims] 1. An orthogonal transformation means for transforming an image into a spatial frequency component, a quantization means for quantizing the transformed spatial frequency component and dividing it into a plurality of blocks for each predetermined frequency domain, Key hierarchy means for generating a plurality of hierarchized encryption keys using a reference key which is a reference of an encryption key to be encrypted, and a block generated by the key hierarchy means, Image encoding means for encrypting using an encryption key at a hierarchical level. 2. The image encryption means includes: a plurality of encryption means for respectively encrypting a plurality of blocks divided by the quantization means in parallel; and a plurality of encryption means encrypted by the plurality of encryption means. 2. The image encoding apparatus according to claim 1, further comprising multiplexing means for combining blocks into one. 3. The key hierarchization means according to claim 1, wherein said hierarchized encryption keys are generated by a one-way function that can obtain a lower key from an upper key. The image encoding device according to claim 1. 4. The image encoding apparatus according to claim 1, wherein said key layering means generates the plurality of layered encryption keys by encryption using a public key in a public key encryption algorithm. Device. 5. The image code according to claim 1, wherein said quantization means divides the quantized spatial frequency component into a plurality of blocks based on a preset frequency domain division designation. Device. 6. An apparatus according to claim 1, further comprising encryption information adding means for adding information on each block divided by said quantization means to a block encrypted by said image encryption means. Image encoding device. 7. The image encoding apparatus according to claim 6, wherein said encryption information adding means adds a hierarchical level of an encryption key used for encrypting a block in an area having the highest frequency. . 8. A new key generation means for generating a new reference key by generating a random number, and a new reference key generated by the new key generation means.
Key storage means for storing the reference key together with a key identifier for identifying the reference key, wherein the key layering means stores a new reference key generated by the new key generation means or a reference key stored in the key storage means. 2. The image encoding apparatus according to claim 1, wherein the plurality of hierarchized encryption keys are generated using any one of the encryption keys. 9. A key request receiving means for receiving a key request at a predetermined hierarchical level transmitted through a network, and a reference key serving as a reference for the requested encryption key at the hierarchical level, the new key generating means Key obtaining means for generating or extracting from the key storage means and generating the requested hierarchical level encryption key by the key hierarchy means; and transmitting the generated encryption key to the transmission source of the key request 9. The image encoding apparatus according to claim 8, further comprising: a key transmitting unit that performs key transmission. 10. A separating means for quantizing an image converted into a spatial frequency component, dividing the encrypted and transmitted image information into a plurality of blocks for each predetermined frequency region, and a decoding key used for decoding. A decryption key layering means for generating a plurality of hierarchically decrypted keys using a reference key serving as a reference; and a block divided by the separating means, a predetermined hierarchical level generated by the decryption key layering means. An image decoding device, comprising: an image decoding means for decoding by using the decoding key of (1). 11. The image decoding means comprises: a plurality of decoding means for respectively decoding a plurality of blocks divided by the separation means in parallel; and a plurality of blocks decoded by the plurality of decoding means. Inverse quantization means for inversely quantizing the image and converting it into spatial frequency components, and inverse orthogonal transform means for converting the spatial frequency components converted by the inverse quantization means into the original image. Item 11. The image decoding device according to Item 10. 12. The decryption key hierarchiing means generates the plurality of hierarchized decryption keys using a one-way function that can obtain a lower key from a higher key. The image decoding apparatus according to claim 10. 13. The image according to claim 10, wherein the decryption key hierarchical means generates the plurality of hierarchical decryption keys by encryption using a public key in a public key encryption algorithm. Decryption device. 14. The image decoding apparatus according to claim 10, wherein said separation unit divides the image into a plurality of blocks based on a preset frequency domain division designation. 15. A key input means for externally inputting a new reference key, and key storage means for storing the reference key together with a reference key identifier, wherein the decryption key hierarchical means is inputted by the key input means. 11. The image decoding apparatus according to claim 10, wherein the plurality of hierarchized decryption keys are generated by using either the new reference key or a reference key stored in the key storage unit. 16. The image decoding apparatus according to claim 15, wherein said key storage means stores an identifier of a key generator in addition to a reference key identifier.